CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Aug 31, 2020

Lara Google Analytics WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Lara Google Analytics WordPress plugin, versions through 2.0.4. This vulnerability allows authenticated users to inject malicious scripts that are stored and executed later.

3.3
Aug 28, 2020

Hoosk Codeigniter CMS Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in Hoosk Codeigniter CMS versions prior to 1.7.2. This issue allows an attacker to trick an authenticated admin user into visiting a malicious webpage, where any user accounts could be deleted without the admin's consent.

2.7
Aug 12, 2020

vBulletin Remote Code Execution Vulnerability via Crafted subWidgets Data

A remote code execution vulnerability exists in vBulletin versions starting with 5.5.4 and prior to 5.6.2. This issue arises from an incomplete fix for a previous vulnerability (CVE-2019-16759) and allows execution of arbitrary PHP code through manipulated subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.

7.4
Jul 29, 2020

Auth0 Node.js Client Library Authorization Header Sanitization Vulnerability

A vulnerability exists in the Auth0 Node.js client library (npm package) in versions prior to 2.27.1. The issue arises in Machine to Machine applications authorized to use Auth0's management API. When an error occurs, the Authorization header is not properly sanitized before being logged, potentially exposing bearer tokens. This vulnerability could be exploited if the logged token is intercepted or accessed by an unauthorized party.

2.5
Jul 17, 2020

Kramdown Template Option Processing Vulnerability Allowing File Read and Code Execution

A vulnerability exists in the kramdown gem, specifically in versions prior to 2.3.0, within the default processing of the 'template' option in Kramdown documents. This behavior can lead to unintended read access to sensitive files, such as '/etc/passwd', or unauthorized execution of embedded Ruby code. The vulnerability is triggered when the '{::options}' extension is used with the 'template' option, allowing crafted input to be processed in a way that could execute arbitrary code or access restricted files. Kramdown is a Markdown parser and converter written in Ruby, and this vulnerability affects multiple NetApp products that incorporate Ruby.

2.7
Jul 17, 2020

Apache Airflow Remote Code Execution Vulnerability in Example DAG

A remote code execution vulnerability has been identified in Apache Airflow versions 1.10.10 and prior. This issue arises from a command injection vulnerability in the 'example_trigger_target_dag' that is included with Airflow. It allows authenticated users to execute arbitrary commands as the user running the Airflow worker or scheduler, depending on the executor in use. However, if the 'load_examples' option is set to 'False' in the configuration, the vulnerability does not exist.

6.7
Jul 10, 2020

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

A vulnerability allowing limited information disclosure to low-privileged users exists in Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. Additionally, several Citrix SD-WAN WANOP appliance models prior to 11.1.1a, 11.0.3d, and 10.2.7 are affected. The vulnerability arises from improper access control, which could be exploited to bypass authorization and access sensitive information.

5.9
Jul 10, 2020

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

An improper input validation vulnerability has been identified in Citrix ADC, Citrix Gateway, and certain Citrix SD-WAN WANOP appliance models. This vulnerability affects multiple versions of Citrix ADC and Citrix Gateway, as well as Citrix SD-WAN WANOP versions prior to 11.1.1a, 11.0.3d, and 10.2.7. The issue allows limited information disclosure to users with low privileges.

5.5
Jul 10, 2020

Citrix ADC, Gateway, and SD-WAN WAN-OP Authorization Bypass Vulnerability

A vulnerability allowing authorization bypass has been identified in Citrix ADC, Citrix Gateway, and certain Citrix SD-WAN WAN-OP appliance models. This vulnerability affects versions prior to Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, 10.5-70.18, as well as Citrix SD-WAN WAN-OP versions prior to 11.1.1a, 11.0.3d and 10.2.7. The issue allows unauthenticated access to specific URL endpoints, but exploitation requires access to the NetScaler IP (NSIP) management interface.

7.4
Jun 15, 2020

Caddy TLS Client Authentication Bypass Vulnerability

A vulnerability in Caddy web server versions prior to 0.10.13 allows for an authentication bypass in TLS client authentication. This issue arises from the absence of the StrictHostMatching mode, which is necessary to ensure proper client authentication handling. As a result, the vulnerability could be exploited to bypass authentication requirements under certain conditions.

2.5
Jun 9, 2020

Apple iOS, iPadOS, and watchOS Mail Memory Corruption Vulnerability

A memory corruption vulnerability has been identified in the Mail application on Apple iOS, iPadOS, and watchOS. This vulnerability allows heap corruption when processing maliciously crafted mail messages. It affects multiple versions of iOS and iPadOS, as well as watchOS 6.2.5 and 5.3.7.

6.6
Jun 9, 2020

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability in Mail Processing

A vulnerability allowing out-of-bounds write operations has been identified in the Mail application across multiple Apple operating systems, including iOS 13.5, iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. This vulnerability arises from insufficient bounds checking, which can be exploited by processing maliciously crafted mail messages. The exploitation of this vulnerability may lead to unexpected modifications in memory, application crashes, or heap corruption.

6.6
Jun 8, 2020

Angular.js Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Angular.js versions prior to 1.8.0. The issue arises from a regex-based HTML input replacement that can inadvertently convert sanitized code into an unsanitized form. This vulnerability can be exploited by wrapping '<option>' elements within '<select>' elements, which alters the way the code is parsed and potentially reintroduces harmful scripts.

4.0
Jun 7, 2020

Facade Ignition Laravel Global Variable Handling Vulnerability

A vulnerability exists in the Ignition component for Laravel, specifically in versions prior to 2.0.5 and in the 1.x series versions 1.16.15 and earlier. The issue arises from improper handling of global variables, including globals, _get, _post, _cookie, and _env. This mismanagement can lead to unintended consequences, although the specific impacts are not detailed.

6.0
Jun 5, 2020

Apple Multiple Products Code Execution Vulnerability

A memory consumption vulnerability allowing arbitrary code execution with kernel privileges has been identified in multiple Apple products, including iOS, iPadOS, macOS, watchOS, and tvOS. This issue arises from inadequate memory management, leading to excessive memory usage. The vulnerability has been addressed in iOS 13.5.1, iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6.

5.9
May 22, 2020

Apache Kylin OS Command Injection Vulnerability

A command injection vulnerability has been identified in Apache Kylin versions 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, and 3.0.1. This vulnerability arises from certain RESTful APIs that concatenate user input with operating system commands, executing them on the server without proper validation. As a result, users may be able to execute arbitrary OS commands remotely.

5.8
Apr 29, 2020

jQuery Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in jQuery. This issue affects versions greater than or equal to 1.0.3 and prior to 3.5.0. The vulnerability arises when HTML containing <option> elements from untrusted sources is passed to jQuery's DOM manipulation methods, such as .html() or .append(). Even if the HTML is sanitized, it may still execute untrusted code. This vulnerability is particularly concerning because it can be exploited through common jQuery methods that manipulate the DOM.

5.9
Apr 23, 2020

Ceph Object Gateway Header-Splitting Vulnerability Leading to Cross-Site Scripting

A cross-site scripting (XSS) vulnerability has been identified in the Ceph Object Gateway (RADOS Gateway) within the Amazon S3 interface. This issue arises from the improper handling of untrusted input, allowing anonymous users to send requests that could be exploited to inject malicious scripts into objects. The vulnerability affects all versions of Ceph Object Gateway up to the latest release.

3.5
Apr 17, 2020

Divante Vue Storefront API and Storefront API Stack Trace Disclosure Vulnerability

A vulnerability exists in Divante vue-storefront-api versions through 1.11.1 and in storefront-api versions through 1.0-rc.1. When unexpected HTTP requests are received, the applications respond with an exception that reveals the error stack trace, including absolute file paths and Node.js module names. This issue was merged into the develop branch of both repositories.

4.7
Apr 15, 2020

Istio and Envoy Wildcard Certificate Misrouting Vulnerability

A vulnerability exists in Istio versions through 1.5.1 and Envoy versions through 1.14.1, related to improper handling of HTTP/2 connection reuse when wildcard certificates are involved. This issue can lead to misrouted requests and unintended data exposure between applications hosted on different subdomains but the same IP address. The problem arises when a connection established for a wildcard domain is reused for a specific subdomain, causing requests to be sent to the wrong application.

6.2
Apr 13, 2020

Snap Creek Duplicator WordPress Plugin Directory Traversal Vulnerability Allowing Arbitrary File Read

A directory traversal vulnerability has been identified in the Snap Creek Duplicator WordPress plugin, affecting versions prior to 1.3.28, as well as Duplicator Pro versions prior to 3.8.7.1. The vulnerability allows unauthenticated users to traverse directories using '../' sequences in the 'file' parameter of the 'duplicator_download' or 'duplicator_init' actions, leading to arbitrary file read with the privileges of the web server.

7.8
Apr 9, 2020

Auth0.js Information Disclosure Vulnerability in Error Object

A vulnerability exists in the Auth0.js library (NPM package auth0-js) in versions greater than 8.0.0 and prior to 9.12.3. When an authentication error occurs, the error object returned by the library includes the original user request, which may contain plaintext passwords. If this error object is exposed or logged without modification, there is a risk of password exposure.

4.0
Apr 1, 2020

Auth0 WordPress Plugin Insecure Direct Object Reference Vulnerability

An insecure direct object reference (IDOR) vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. This issue could allow users to access or manipulate objects that they should not have permission to access.

3.7
Apr 1, 2020

Auth0 WordPress Plugin CSV Injection Vulnerability

A CSV injection vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. The issue arises because the plugin's data fields, which source information from various origins, lack proper input validation and sanitization before user data is exported. This oversight can be exploited by uploading a crafted Excel document that injects malicious CSV data.

3.6
Apr 1, 2020

Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions prior to 4.0.0. This vulnerability allows for the injection of malicious scripts that are executed on multiple pages within the WordPress site.

4.0
Apr 1, 2020

Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability resides within the settings page of the plugin, allowing attackers to inject malicious scripts that are executed when the page is viewed.

3.6
Apr 1, 2020

Auth0 WordPress Plugin Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability arises in the domain field, where the plugin lacks proper CSRF controls, allowing unauthorized actions to be performed on behalf of the user.

4.0
Mar 27, 2020

F5 BIG-IP HTTP/3 QUIC Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP version 15.1.0.1. When the HTTP/3 QUIC profile is enabled, specially formatted HTTP/3 messages can cause the Traffic Management Microkernel (TMM) to crash and produce a core file. This disruption may lead to a temporary failure in processing traffic, causing TMM to restart. In high availability configurations, this issue can trigger a failover to the standby host.

2.4
Mar 25, 2020

FrozenNode Laravel-Administrator Unrestricted File Upload Vulnerability Allowing Remote Code Execution

A vulnerability in FrozenNode Laravel-Administrator versions through 5.0.12 allows unrestricted file uploads, leading to remote code execution. The issue arises in the image upload feature of the admin tips module, where PHP code can be embedded within a GIF image file with a .php extension. Although the application attempts to block such uploads, this restriction can be easily bypassed by manipulating the file upload request.

4.0
Mar 23, 2020

CodeIgniter Privilege Escalation Vulnerability via Email ID Modification

A vulnerability in CodeIgniter through version 4.0.0 allows remote attackers to gain unauthorized privileges by altering the Email ID sent to the 'Select Role of the User' page. This issue is reportedly linked to a custom module or plugin rather than the CodeIgniter framework itself, as the framework does not provide built-in authentication or user management features.

5.0
Mar 20, 2020

Liferay Portal Deserialization Vulnerability Leading to Remote Code Execution

A deserialization vulnerability allowing remote code execution has been identified in Liferay Portal versions prior to 7.2.1 CE GA2. This vulnerability arises from the insecure handling of data in the JSON web services interface, allowing attackers to execute arbitrary code on the server.

6.0
Mar 13, 2020

Xerox Printers Stack-Based Buffer Overflow Vulnerability in Google Cloud Print Implementation Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in the Google Cloud Print implementation of certain Xerox printers, including the Phaser 3320 model with firmware version V53.006.16.000. This vulnerability allows an unauthenticated attacker to execute arbitrary code on the affected device. The issue arises from improper validation of the register parameters, which enables a buffer overflow when the action value is copied into a local variable using the memcpy() function.

5.0
Mar 10, 2020

SAP Commerce SmartEdit Extension AngularJS Template Injection Vulnerability

A client-side AngularJS template injection vulnerability, which is a variant of Cross-Site Scripting (XSS), has been identified in the SAP Commerce SmartEdit Extension. This issue affects versions 6.6, 6.7, 1808, and 1811. The vulnerability arises from the exploitation of the templating capabilities of the Angular framework.

3.3
Mar 4, 2020

Envoy TLS Inspector Bypass Vulnerability

A vulnerability in Envoy's TLS inspector feature, present in versions prior to 1.13.0, allows for bypassing TLS client recognition by using only TLS 1.3. This occurs because the TLS extensions, such as Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN), were not inspected. As a result, connections could be incorrectly matched to a different filter chain, potentially bypassing certain security restrictions.

5.3
Mar 4, 2020

CNCF Envoy Incorrect Access Control Vulnerability in Secret Discovery Service Validation Context

A vulnerability exists in CNCF Envoy versions prior to 1.13.0, related to improper access control when using the Secret Discovery Service (SDS) with a combined validation context. This issue arises because the same secret, such as a trusted Certificate Authority (CA), can be applied across multiple resources. When this occurs, resources configured after the initial secret reception may not apply the 'static' validation context rules, leading to a bypass of important security checks. The flaw allows for unauthorized access to services or impersonation of services, potentially escalating privileges.

4.5
Mar 4, 2020

CNCF Envoy Response Flooding Vulnerability for HTTP/1.1

A denial-of-service vulnerability has been identified in CNCF Envoy versions prior to 1.13.0. This issue arises in the HTTP/1 codec component, where Envoy can consume excessive memory when handling pipelined requests. The vulnerability is exploited by sending a TCP buffer filled with multiple HTTP requests. If the client reads the responses slowly, Envoy generates internal 400 error responses, which accumulate in the memory, leading to resource exhaustion. This issue bypasses Envoy's overload management, exacerbating the memory consumption problem.

6.1
Mar 4, 2020

CNCF Envoy Excessive Memory Consumption Vulnerability in HTTP/1.1 Chunked Responses

A memory consumption vulnerability has been identified in CNCF Envoy versions prior to 1.13.0. When proxying HTTP/1.1 requests or responses that contain many small chunks (approximately 1 byte each), Envoy can use excessive amounts of memory. This occurs because Envoy allocates a separate buffer for each chunk, rounding up to the nearest 4KB, and fails to release empty chunks after the data has been committed. As a result, handling requests or responses with numerous small chunks can lead to a significant increase in memory usage, potentially two to three times more than the configured buffer limits. This issue has been acknowledged by the Envoy project and is being addressed in the official Envoy GitHub repository.

6.1
Feb 27, 2020

Apple Multiple Products Memory Corruption Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A memory corruption vulnerability has been identified in multiple Apple products, including iOS, iPadOS, macOS, tvOS, and watchOS. This vulnerability could allow an application to execute arbitrary code with kernel privileges. The issue arises from improper memory handling, which has been addressed in the latest updates for each operating system.

6.0
Feb 24, 2020

Apache Tomcat AJP Request Injection and Potential Remote Code Execution Vulnerability

A vulnerability has been identified in Apache Tomcat that allows for AJP request injection and potential remote code execution. This issue affects Apache Tomcat versions 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50, and 7.0.0 to 7.0.99. The vulnerability arises because Tomcat AJP connectors, which are enabled by default and listen on all IP addresses, are treated with higher trust than HTTP connections. If an AJP port is accessible to untrusted users, an attacker can exploit this to bypass security checks, authentication, and execute arbitrary files as JSPs, potentially leading to remote code execution.

7.4
Feb 13, 2020

Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Amazon AWS JavaScript S3 Explorer (aws-js-s3-explorer) version 2 alpha prior to August 2, 2019. The issue arises in explorer.js, where user input is not properly sanitized, allowing for the injection of malicious scripts under certain conditions.

2.0
Feb 6, 2020

F5 BIG-IP TMM Denial-of-Service Vulnerability in AWS Virtual Editions

A denial-of-service vulnerability has been identified in F5 BIG-IP Virtual Edition (VE) instances running versions 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2. When these instances process specially crafted traffic with the default 'xnet' driver, they may experience a Traffic Management Microkernel (TMM) restart. This issue does not affect BIG-IP VEs in other virtual environments or hardware appliances.

2.3
Feb 5, 2020

Auth0 wp-auth0 Plugin Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Auth0 wp-auth0 plugin for WordPress, specifically in versions 3.11.x prior to 3.11.3. The issue arises from a wle parameter related to the wp-login.php file, allowing for the injection of malicious scripts.

4.0
Feb 3, 2020

Auth0 Lock Cross-Site Scripting Vulnerability in Additional Sign-Up Fields

A cross-site scripting (XSS) vulnerability exists in Auth0 Lock versions prior to 11.21.0. The issue arises when the 'additionalSignUpFields' feature is used with an untrusted placeholder, allowing for the injection of malicious scripts.

2.7
Jan 24, 2020

Angular Expressions Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Angular Expressions versions prior to 1.0.1. The issue arises when user-controlled input is passed to the `expressions.compile()` function. In a browser environment, this could allow an attacker to execute arbitrary scripts. On the server side, any JavaScript expression could be executed, leading to remote code execution.

2.3
Jan 17, 2020

SolarWinds Orion Platform Stored Client-Side Template Injection Vulnerability Allowing Privilege Escalation

A stored client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression, escaping the Angular sandbox to achieve stored cross-site scripting. This could lead to privilege escalation.

2.8
Jan 17, 2020

SolarWinds Orion Platform Reflected Client-Side Template Injection Vulnerability

A reflected client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression that escapes the Angular sandbox, potentially leading to stored cross-site scripting (XSS) attacks.

3.2
Jan 9, 2020

EllisLab CodeIgniter XSS Filter Bypass Vulnerability

A vulnerability in EllisLab CodeIgniter version 2.1.2 allows remote attackers to bypass the xss_clean() filter, potentially leading to cross-site scripting (XSS) attacks.

4.1
Jan 8, 2020

Imperva SecureSphere Web Application Firewall SQL Injection Filter Bypass Vulnerability

A SQL injection filter bypass vulnerability has been identified in Imperva SecureSphere Web Application Firewall (WAF) versions prior to August 12, 2010. This vulnerability allows attackers to evade SQL injection protections by exploiting a typo in the WAF's SQL injection detection rules. The bypass is achieved by appending a crafted string that manipulates the WAF's filtering mechanism, enabling potentially malicious SQL injection payloads to be processed without detection.

5.6
Jan 2, 2020

Angular Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in all Angular versions prior to 1.5.0-beta.0. This issue arises because the framework does not properly sanitize 'xlink:href' attributes, allowing malicious scripts to be injected and executed in the context of the user.

3.9
Dec 30, 2019

Apache Solr Remote Code Execution Vulnerability via Velocity Templates

A remote code execution vulnerability has been identified in Apache Solr versions 5.0.0 through 8.3.1. The issue arises in the VelocityResponseWriter component, where an attacker can exploit custom Velocity templates. While parameter-provided templates are disabled by default, they can be enabled by configuring 'params.resource.loader.enabled' to true, allowing the execution of malicious templates. This vulnerability is particularly concerning as it has been reported to cause crashes in the Solr process, leading to service disruptions.

5.0