CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Apr 1, 2020

Auth0 WordPress Plugin Insecure Direct Object Reference Vulnerability

A vulnerability allowing insecure direct object references has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. This issue could allow users to access or manipulate objects they should not have permission to.

3.7
Apr 1, 2020

Auth0 WordPress Plugin CSV Injection Vulnerability

A CSV injection vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. The issue arises because the plugin's data fields, which source information from various origins, lack proper input validation and sanitization before user data is exported. This oversight can be exploited by uploading a crafted Excel document that injects malicious CSV data.

3.6
Apr 1, 2020

Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions prior to 4.0.0. This vulnerability allows for the injection of malicious scripts that are executed on multiple pages within the WordPress site.

4.0
Apr 1, 2020

Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability resides within the settings page of the plugin, allowing attackers to inject malicious scripts that are executed when the page is viewed.

3.6
Apr 1, 2020

Auth0 WordPress Plugin Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability arises in the domain field, where the plugin lacks proper CSRF controls, allowing unauthorized actions to be performed on behalf of the user.

4.0
Mar 27, 2020

F5 BIG-IP HTTP/3 QUIC Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP version 15.1.0.1. When the HTTP/3 QUIC profile is enabled, specially formatted HTTP/3 messages can cause the Traffic Management Microkernel (TMM) to crash and produce a core file. This disruption may lead to a temporary failure in processing traffic, causing TMM to restart. In high availability configurations, this issue can trigger a failover to the standby host.

2.4
Mar 25, 2020

FrozenNode Laravel-Administrator Unrestricted File Upload Vulnerability Allowing Remote Code Execution

A vulnerability in FrozenNode Laravel-Administrator versions through 5.0.12 allows unrestricted file uploads, leading to remote code execution. The issue arises in the image upload feature of the admin tips module, where PHP code can be embedded within a GIF image file with a .php extension. Although the application attempts to block such uploads, this restriction can be easily bypassed by manipulating the file upload request.

4.1
Mar 23, 2020

CodeIgniter Privilege Escalation Vulnerability via Email ID Modification

A vulnerability in CodeIgniter through version 4.0.0 allows remote attackers to gain unauthorized privileges by altering the Email ID sent to the 'Select Role of the User' page. This issue is reportedly linked to a custom module or plugin rather than the CodeIgniter framework itself, as the framework does not provide built-in authentication or user management features.

5.0
Mar 20, 2020

Liferay Portal Deserialization Vulnerability Leading to Remote Code Execution

A deserialization vulnerability allowing remote code execution has been identified in Liferay Portal versions prior to 7.2.1 CE GA2. This vulnerability arises from the insecure handling of data in the JSON web services interface, allowing attackers to execute arbitrary code on the server.

6.0
Mar 13, 2020

Xerox Printers Stack-Based Buffer Overflow Vulnerability in Google Cloud Print Implementation Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in the Google Cloud Print implementation of certain Xerox printers, including the Phaser 3320 model with firmware version V53.006.16.000. This vulnerability allows an unauthenticated attacker to execute arbitrary code on the affected device. The issue arises from improper validation of the register parameters, which enables a buffer overflow when the action value is copied into a local variable using the memcpy() function.

5.0
Mar 10, 2020

SAP Commerce SmartEdit Extension AngularJS Template Injection Vulnerability

A client-side AngularJS template injection vulnerability, which is a variant of Cross-Site Scripting (XSS), has been identified in the SAP Commerce SmartEdit Extension. This issue affects versions 6.6, 6.7, 1808, and 1811. The vulnerability arises from the exploitation of the templating capabilities of the Angular framework.

3.3
Mar 4, 2020

Envoy TLS Inspector Bypass Vulnerability

A vulnerability in Envoy's TLS inspector feature, present in versions prior to 1.13.0, allows for bypassing TLS client recognition by using only TLS 1.3. This occurs because the TLS extensions, such as Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN), were not inspected. As a result, connections could be incorrectly matched to a different filter chain, potentially bypassing certain security restrictions.

5.3
Mar 4, 2020

CNCF Envoy Incorrect Access Control Vulnerability in Secret Discovery Service Validation Context

A vulnerability exists in CNCF Envoy versions prior to 1.13.0, related to improper access control when using the Secret Discovery Service (SDS) with a combined validation context. This issue arises because the same secret, such as a trusted Certificate Authority (CA), can be applied across multiple resources. When this occurs, resources configured after the initial secret reception may not apply the 'static' validation context rules, leading to a bypass of important security checks. The flaw allows for unauthorized access to services or impersonation of services, potentially escalating privileges.

4.5
Mar 4, 2020

CNCF Envoy Response Flooding Vulnerability for HTTP/1.1

A denial-of-service vulnerability has been identified in CNCF Envoy versions prior to 1.13.0. This issue arises in the HTTP/1 codec component, where Envoy can consume excessive memory when handling pipelined requests. The vulnerability is exploited by sending a TCP buffer filled with multiple HTTP requests. If the client reads the responses slowly, Envoy generates internal 400 error responses, which accumulate in memory, leading to resource exhaustion. This issue bypasses Envoy's overload management, exacerbating the memory consumption problem.

6.1
Mar 4, 2020

CNCF Envoy Excessive Memory Consumption Vulnerability in HTTP/1.1 Chunked Responses

A memory consumption vulnerability has been identified in CNCF Envoy versions prior to 1.13.0. When proxying HTTP/1.1 requests or responses that contain many small chunks (approximately 1 byte each), Envoy can use excessive amounts of memory. This occurs because Envoy allocates a separate buffer for each chunk, rounding up to the nearest 4 KB, and fails to release empty chunks after the data has been committed. As a result, handling requests or responses with numerous small chunks can lead to a significant increase in memory usage, potentially two to three times more than the configured buffer limits. This issue has been acknowledged by the Envoy project and is being addressed in the official Envoy GitHub repository.

6.1
Feb 27, 2020

Apple Multiple Products Memory Corruption Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A memory corruption vulnerability has been identified in multiple Apple products, including iOS, iPadOS, macOS, tvOS, and watchOS. This vulnerability could allow an application to execute arbitrary code with kernel privileges. The issue arises from improper memory handling, which has been addressed in the latest updates for each operating system.

6.0
Feb 24, 2020

Apache Tomcat AJP Request Injection and Potential Remote Code Execution Vulnerability

A vulnerability has been identified in Apache Tomcat that allows for AJP request injection and potential remote code execution. This issue affects Apache Tomcat versions 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50, and 7.0.0 to 7.0.99. The vulnerability arises because Tomcat AJP connectors, which are enabled by default and listen on all IP addresses, are treated with higher trust than HTTP connections. If an AJP port is accessible to untrusted users, an attacker can exploit this to bypass security checks, authentication, and execute arbitrary files as JSPs, potentially leading to remote code execution.

7.4
Feb 13, 2020

Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Amazon AWS JavaScript S3 Explorer (aws-js-s3-explorer) version 2 alpha prior to August 2, 2019. The issue arises in explorer.js, where user input is not properly sanitized, allowing for the injection of malicious scripts under certain conditions.

2.0
Feb 6, 2020

F5 BIG-IP TMM Denial-of-Service Vulnerability in AWS Virtual Editions

A denial-of-service vulnerability has been identified in F5 BIG-IP Virtual Edition (VE) instances running versions 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2. When these instances process specially crafted traffic with the default 'xnet' driver, they may experience a Traffic Management Microkernel (TMM) restart. This issue does not affect BIG-IP VEs in other virtual environments or hardware appliances.

2.3
Feb 5, 2020

Auth0 wp-auth0 Plugin Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Auth0 wp-auth0 plugin for WordPress, specifically in versions 3.11.x prior to 3.11.3. The issue arises from a wle parameter related to the wp-login.php file, allowing for the injection of malicious scripts.

4.0
Feb 3, 2020

Auth0 Lock Cross-Site Scripting Vulnerability in Additional Sign-Up Fields

A cross-site scripting (XSS) vulnerability exists in Auth0 Lock versions prior to 11.21.0. The issue arises when the 'additionalSignUpFields' feature is used with an untrusted placeholder, allowing for the injection of malicious scripts.

2.7
Jan 24, 2020

Angular Expressions Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Angular Expressions versions prior to 1.0.1. The issue arises when user-controlled input is passed to the `expressions.compile()` function. In a browser environment, this could allow an attacker to execute arbitrary scripts. On the server side, any JavaScript expression could be executed, leading to remote code execution.

2.3
Jan 17, 2020

SolarWinds Orion Platform Stored Client-Side Template Injection Vulnerability Allowing Privilege Escalation

A stored client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression, escaping the Angular sandbox to achieve stored cross-site scripting. The consequence of this vulnerability could lead to privilege escalation.

2.8
Jan 17, 2020

SolarWinds Orion Platform Reflected Client-Side Template Injection Vulnerability

A reflected client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression that escapes the Angular sandbox, potentially leading to stored cross-site scripting (XSS) attacks.

3.2
Jan 9, 2020

EllisLab CodeIgniter XSS Filter Bypass Vulnerability

A vulnerability in EllisLab CodeIgniter version 2.1.2 allows remote attackers to bypass the xss_clean() filter, potentially leading to cross-site scripting (XSS) attacks.

4.1
Jan 8, 2020

Imperva SecureSphere Web Application Firewall SQL Injection Filter Bypass Vulnerability

A SQL injection filter bypass vulnerability has been identified in Imperva SecureSphere Web Application Firewall (WAF) versions prior to August 12, 2010. This vulnerability allows attackers to evade SQL injection protections by exploiting a typo in the WAF's SQL injection detection rules. The bypass is achieved by appending a crafted string that manipulates the WAF's filtering mechanism, enabling potentially malicious SQL injection payloads to be processed without detection.

5.6
Jan 2, 2020

Angular Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in all Angular versions prior to 1.5.0-beta.0. This issue arises because the framework does not properly sanitize 'xlink:href' attributes, allowing malicious scripts to be injected and executed in the context of the user.

3.9
Dec 30, 2019

Apache Solr Remote Code Execution Vulnerability via Velocity Templates

A remote code execution vulnerability has been identified in Apache Solr versions 5.0.0 through 8.3.1. The issue arises in the VelocityResponseWriter component, where an attacker can exploit custom Velocity templates. While parameter-provided templates are disabled by default, they can be enabled by configuring 'params.resource.loader.enabled' to true, allowing the execution of malicious templates. This vulnerability is particularly concerning as it has been reported to cause crashes in the Solr process, leading to service disruptions.

5.0
Dec 27, 2019

Citrix ADC and Gateway Directory Traversal Remote Code Execution Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in Citrix Application Delivery Controller (ADC) and Gateway versions 10.5, 11.1, 12.0, 12.1, and 13.0. This vulnerability allows an unauthenticated attacker to access and execute arbitrary code on the affected system by exploiting the directory traversal flaw.

7.5
Dec 24, 2019

mongo-express Remote Code Execution Vulnerability

A remote code execution vulnerability exists in mongo-express versions prior to 0.54.0. The issue arises in endpoints that utilize the 'toBSON' method, allowing for the execution of commands through a misuse of the 'vm' dependency in an unsafe environment.

6.5
Dec 18, 2019

Apple Multiple Products Use-After-Free Vulnerability Allowing Arbitrary Code Execution

A use-after-free vulnerability has been identified in multiple Apple products, including iOS, macOS, tvOS, and watchOS. This vulnerability allows a malicious application to execute arbitrary code with system privileges. The issue arises from improper memory management, leading to memory corruption.

6.3
Dec 18, 2019

Apple macOS Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in Apple macOS, specifically in versions prior to 10.14.4. This vulnerability allows a malicious application to gain elevated privileges. The issue arises from improper memory management, which creates opportunities for exploitation.

6.4
Oct 28, 2019

PHP-FPM Buffer Underflow Vulnerability Allowing Remote Code Execution

A buffer underflow vulnerability has been identified in the PHP FastCGI Process Manager (FPM) component, specifically in PHP versions 7.1.x prior to 7.1.33, 7.2.x prior to 7.2.24, and 7.3.x prior to 7.3.11. In certain FPM configurations, the vulnerability allows for writing past allocated buffers into the space reserved for FastCGI protocol data, creating an opportunity for remote code execution.

8.3
Sep 24, 2019

vBulletin Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in vBulletin versions from 5.0.0 up to, but not including, 5.5.4. The issue arises from the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request, allowing unauthenticated attackers to execute arbitrary PHP code on the server.

7.5
Aug 1, 2019

Apache Solr DataImportHandler Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Apache Solr versions prior to 8.2.0, specifically within the DataImportHandler module. This vulnerability arises because the 'dataConfig' parameter can be used to inject malicious scripts into the DataImportHandler configuration. Although the 'dataConfig' parameter is disabled by default in Solr 8.2.0 and later, it remains a security risk in previous versions.

5.7
May 31, 2019

Sitecore CMS and Experience Platform Deserialization Vulnerability in Anti-CSRF Module Allowing Remote Code Execution

A deserialization vulnerability has been identified in the anti-CSRF module of Sitecore CMS and Experience Platform (XP) versions through 9.1. This vulnerability allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. In Sitecore versions 8.x, this vulnerability can be exploited without authentication, while in versions 9.x prior to 9.1.1, authentication is required.

5.5
May 31, 2019

Sitecore CMS and Experience Platform Deserialization Vulnerability in Anti-CSRF Module Allowing Remote Code Execution

A deserialization vulnerability has been identified in the Sitecore.Security.AntiCSRF module, affecting Sitecore CMS versions 7.0 to 7.2 and Sitecore XP versions 7.5 to 8.2. This vulnerability allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter '__CSRFTOKEN'. The issue arises because the CSRF protection module expects a serialized object, which can be manipulated to create valid .NET objects that, when deserialized, lead to code execution on the server.

7.0
May 22, 2019

Citrix Workspace App and Receiver for Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Citrix Workspace App and Citrix Receiver for Windows, prior to version 1904. This issue arises from incorrect access control, allowing local drive access preferences to be exploited. As a result, malicious code could potentially be executed remotely.

6.3
Apr 8, 2019

Apache HTTP Server Privilege Escalation Vulnerability in Child Processes

A privilege escalation vulnerability has been identified in Apache HTTP Server versions from 2.4.17 up to, but not including, 2.4.39. This issue occurs in the event, worker, or prefork Multi-Processing Modules (MPMs). The vulnerability allows code running in less-privileged child processes or threads, including those executing CGI scripts or using an in-process scripting interpreter, to execute arbitrary code with the privileges of the parent process, typically root. The exploitation is achieved by manipulating the scoreboard, which can lead to unauthorized access or modifications. Non-Unix systems are not affected.

6.7
Apr 3, 2019

Apple Memory Corruption Vulnerability Allowing Code Execution in Multiple Products

A memory corruption vulnerability has been identified in various Apple products, including iOS, macOS Mojave, tvOS, and watchOS. This vulnerability, present in versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, and watchOS 5, can allow a malicious application to execute arbitrary code with system or kernel privileges. The issue arises from improper memory handling and input validation, creating opportunities for exploitation.

6.0
Mar 27, 2019

Ruby on Rails Action View File Content Disclosure Vulnerability

A file content disclosure vulnerability has been identified in Ruby on Rails versions 5.2.1, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1, and v3. This vulnerability allows arbitrary files on the server's filesystem to be accessed and their contents exposed. The issue arises in Action View when specially crafted accept headers are used with calls to 'render file:', without a specified accept format. As a result, the contents of the targeted files are rendered and disclosed.

4.4
Mar 24, 2019

WordPress Social Warfare Plugin Stored Cross-Site Scripting Vulnerability Allowing Remote Code Execution

A stored cross-site scripting vulnerability has been identified in the WordPress Social Warfare plugin, affecting versions prior to 3.5.3. The issue arises in the wp-admin/admin-post.php file, where the swp_url parameter is not properly sanitized. This flaw allows attackers to inject malicious JavaScript that is executed in the context of the user visiting the site, potentially leading to remote code execution.

6.7
Mar 5, 2019

Apple Group FaceTime Vulnerability in iOS and macOS

A logic issue in Group FaceTime calls on Apple devices running iOS 12.1.4 or macOS Mojave 10.14.3 may allow the caller to cause the recipient's device to answer the call without user interaction. This vulnerability was addressed with improved state management.

6.4
Feb 24, 2019

ThinkPHP Remote Code Execution Vulnerability

A remote code execution vulnerability exists in ThinkPHP versions prior to 3.2.4, including version 5.0.23. This vulnerability is also present in Open Source BMS version 1.1.1. The issue arises from a PHP injection vulnerability that allows attackers to execute arbitrary commands on the server via a crafted HTTP request. Exploitation involves invoking a PHP function that executes system commands, which can lead to unauthorized command execution on the server.

7.5
Feb 21, 2019

Drupal Core Remote Code Execution Vulnerability via RESTful Web Services

A remote code execution vulnerability exists in Drupal Core versions 8.5.x prior to 8.5.11 and 8.6.x prior to 8.6.10. Certain field types fail to adequately sanitize data from non-form sources, which can lead to arbitrary PHP code execution. This vulnerability is triggered when the Drupal 8 core RESTful Web Services module is enabled and allows PATCH or POST requests, or when another web services module, such as JSON:API in Drupal 8 or Services or RESTful Web Services in Drupal 7, is active.

7.8
Dec 11, 2018

ThinkPHP Remote Code Execution Vulnerability in NoneCms

A remote code execution vulnerability exists in ThinkPHP versions through 5.0.23, specifically within the NoneCms application version 1.3. The issue arises from improper handling of the filter parameter, which can be exploited by sending a crafted query string. This vulnerability allows attackers to execute arbitrary PHP code on the server.

4.5
Nov 6, 2018

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability Allowing Remote Code Execution

A vulnerability exists in the RichFaces Framework versions 3.0 through 3.3.4, allowing for Expression Language (EL) injection via the UserResource resource. This issue enables remote, unauthenticated attackers to execute arbitrary code by exploiting a chain of Java serialized objects through org.ajax4jsf.resource.UserResource$UriData.

4.3
Aug 22, 2018

Apache Struts Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Apache Struts versions from 2.3 up to, but not including, 2.3.35 and from 2.5 up to, but not including, 2.5.17. The issue arises when the 'alwaysSelectFullNamespace' option is enabled, either by the user or a plugin such as the Convention Plugin. Under these conditions, if results are processed without a specified namespace and the upper package lacks a namespace or uses a wildcard, the vulnerability can be exploited. This also applies when the 'url' tag is used without a value or action, while its upper package has no namespace or a wildcard namespace.

7.5
Aug 9, 2018

Laravel Framework Deserialization Vulnerability Leading to Remote Code Execution

A remote code execution vulnerability exists in Laravel Framework versions through 5.5.40 and 5.6.x prior to 5.6.30. The issue arises from an insecure unserialize operation on the X-XSRF-TOKEN cookie, which can be manipulated if the attacker knows the application encryption key. Exploitation involves crafting a token that, when unserialized, executes arbitrary code on the server.

7.0
Jul 19, 2018

Drupal Core Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Drupal Core versions from 7.0 up to, but not including, 7.59; from 8.0.0 up to, but not including, 8.4.8; and from 8.5.0 up to, but not including, 8.5.3. This vulnerability exists within multiple subsystems of Drupal and allows attackers to exploit various attack vectors, potentially compromising the affected site. The vulnerability is actively being exploited in the wild.

6.6