CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Tenda W20E Stack-Based Buffer Overflow Vulnerability in Port Mirroring Function
A stack-based buffer overflow vulnerability has been identified in the Tenda W20E router, specifically in version 15.11.0.6. The issue arises in the 'formSetPortMirror' function within the file '/goform/setPortMirror'. The vulnerability allows remote attackers to manipulate the 'portMirrorMirroredPorts' argument, leading to a buffer overflow of a 256-byte stack buffer. This overflow can overwrite the saved Link Register, potentially causing a crash or allowing remote code execution.
Linux Kernel VKMS Driver Vblank Timer Implementation Vulnerability
A vulnerability in the Linux kernel's VKMS (virtual kernel mode setting) driver has been addressed. The issue involved the vblank timer implementation, which was replaced with a standard DRM (Direct Rendering Manager) version. The previous VKMS timer used a custom timeout mechanism that could lead to inaccuracies in vblank handling. The vulnerability affected the VKMS driver in the Linux kernel stable tree.
OfflineIMAP STARTTLS Enforcement Vulnerability Allowing STRIPTLS Man-in-the-Middle Attacks
A vulnerability exists in OfflineIMAP versions prior to 8.0.3, where the application fails to properly enforce STARTTLS when the server does not explicitly advertise its availability. This oversight can lead to STRIPTLS attacks, allowing a man-in-the-middle to intercept the connection and capture account credentials in cleartext. The issue arises because OfflineIMAP relies on the server's capability list instead of enforcing user-configured security settings.
Routinator RRDP Processing Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in Routinator versions prior to and including 0.15.1. When the application processes a file received via the Repository Remediation and Distribution Protocol (RRDP) that contains a specially crafted Document Type Definition (DTD), Routinator crashes.
Routinator ASN String Handling Vulnerability Leading to Crash
A denial-of-service vulnerability has been identified in Routinator versions prior to and including 0.15.1. When a specially crafted non-UTF-8 string is sent as the select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This issue only affects users who permit API access from untrusted networks.
Routinator Path Traversal Vulnerability via Malicious Rsync URIs
A path traversal vulnerability has been identified in Routinator versions prior to and including 0.15.1. The issue arises because Routinator fails to properly validate the module component of rsync URIs. These URIs are used to generate file system paths for the Routinator cache. As a result, an attacker could craft a module name containing '..' to traverse directories, potentially gaining access to the entire Routinator rsync cache.
NLnet Labs Routinator Denial-of-Service Vulnerability via Connection Flooding
A denial-of-service vulnerability has been identified in NLnet Labs Routinator versions prior to and including 0.15.1. The issue arises because Routinator exits upon encountering any error while handling incoming HTTP or RTR connections. This includes recoverable errors, such as depleting available file descriptors. An attacker can exploit this vulnerability by opening a large number of connections to the HTTP or RTR server, causing Routinator to crash. This issue only affects users who expose their HTTP or RTR server to untrusted networks.
ninenines gun Unsolicited 101 Response Vulnerability Leading to Protocol Hijack and Denial-of-Service
A vulnerability in the ninenines gun HTTP client, specifically in the gun_http module, allows a malicious HTTP server to disrupt the client's protocol handling. This is achieved by sending an unsolicited 101 Switching Protocols response, which the client accepts without proper validation. As a result, the connection is switched to raw protocol mode, abandoning HTTP framing. In this raw mode, the client can be overwhelmed with arbitrary data, leading to excessive memory consumption and crashing the Erlang VM. This issue affects gun versions 2.0.0 prior to 2.4.0.
ninenines gun Unbounded HTTP Response Buffering Vulnerability Leading to Memory Exhaustion
A vulnerability in the gun_http module of ninenines gun, specifically in versions 1.0.0 prior to 2.4.0, allows a malicious server to exhaust client memory through unbounded HTTP/1.1 response buffering. The vulnerability arises because the module's response handling does not impose a limit on the size of the data buffered from incoming TCP streams. This flaw can be exploited by sending a partial response that never completes, causing the gun connection process to continuously append data to its buffer. As a result, a single malicious connection can lead to unbounded heap growth and a node-wide out-of-memory crash.
ninenines gun Origin Validation Error Vulnerability in HTTP/2 Module Allows Cross-Origin Cookie Injection
An origin validation error vulnerability has been identified in the ninenines gun HTTP/2 module, specifically in versions 2.0.0 prior to 2.4.0. This vulnerability allows cross-origin cookie injection through unvalidated HTTP/2 PUSH_PROMISE authority. The issue arises because the :authority pseudo-header from incoming PUSH_PROMISE frames is stored without validation, enabling malicious HTTP/2 servers to inject cookies into the client's shared cookie store. This could lead to session fixation attacks and potentially allow attackers to take over user accounts.
Tenda AC1206 Stack Overflow Vulnerability in fromGstDhcpSetSer CGI Handler Allowing Denial-of-Service
A stack-based buffer overflow vulnerability has been identified in the Tenda AC1206 router, specifically in version 15.03.06.23. The issue arises in the 'fromGstDhcpSetSer' CGI handler, where user-controlled 'username' and 'password' parameters are processed without proper length validation or sanitization. This vulnerability can be exploited by sending a crafted HTTP request to the 'fromGstDhcpSetSer' endpoint, causing a denial-of-service condition by crashing or rebooting the device. Additionally, this vulnerability could potentially be exploited for remote code execution.
QloApps Stored Cross-Site Scripting Vulnerability via SVG Upload in Admin File Manager
A stored cross-site scripting vulnerability has been identified in QloApps versions through 1.7.0. This issue resides in the admin file manager, where authenticated administrators can upload malicious SVG files. These crafted files can include JavaScript event handlers, such as 'onload', which, when viewed by other users, execute arbitrary scripts in their browsers. This vulnerability exploits the fact that SVG files are accepted and later served in a way that allows script execution.
Bank Management System Spring Boot Improper Authorization Vulnerability in Transaction Endpoint
A vulnerability allowing improper authorization has been identified in the Bank Management System application developed with Spring Boot, specifically in versions up to commit 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. The issue resides in the Transaction Controller, where critical transaction endpoints `/transaction/deposit` and `/transaction/withdraw` are exposed to unauthenticated users. This lack of authentication and authorization checks enables unauthorized financial operations, such as deposits and withdrawals, based solely on knowledge of a valid card number and, for withdrawals, the corresponding CVV.
SourceCodester Inventory System Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Inventory System version 1.0. The issue arises from an unknown functionality in the file header.php, allowing remote attackers to inject malicious scripts. The vulnerability is believed to be exploitable through multiple parameters.
SourceCodester Inventory System Improper Authorization Vulnerability in Account Creation Handler
A vulnerability allowing improper authorization has been identified in SourceCodester Inventory System version 1.0. The issue arises in the Account Creation Handler component, specifically within the file '/Product_Inventory/api/users_handler.php'. The vulnerability is triggered by manipulating the 'ROLE' argument, which could potentially be exploited remotely. This flaw could be used to bypass authorization controls, leading to unauthorized actions or access within the application.
SourceCodester Inventory System Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in SourceCodester Inventory System version 1.0. The issue resides in the User Management page (`users.php`), where the application fails to properly sanitize user input from the `fullname` and `username` fields before storing it in the database. This unsanitized data is later rendered in the admin panel, allowing for the execution of malicious scripts. The vulnerability can be exploited remotely and without authentication.
UTT HiPER Buffer Overflow Vulnerability in DNS Filter Configuration
A buffer overflow vulnerability has been identified in UTT HiPER version 2610G, up to 3.0.0-171107. The issue arises in the 'strcpy' function within the '/goform/formConfigDnsFilterGlobal' file. By manipulating the 'GroupName' argument, an attacker can exploit this vulnerability remotely. The exploit has been publicly disclosed and may be actively used.
UTT HiPER Buffer Overflow Vulnerability in NAT Static Mapping Function
A buffer overflow vulnerability has been identified in UTT HiPER version 2610G, up to 3.0.0-171107. The issue arises in the 'strcpy' function within the '/goform/formNatStaticMap' file. Manipulating the 'NatBinds' argument can trigger the buffer overflow. This vulnerability has been made public and could be exploited.
Checkmk Stored Cross-Site Scripting Vulnerability in Service Discovery Active Check Output
A stored cross-site scripting vulnerability has been identified in Checkmk versions 2.5.0 prior to 2.5.0p5, 2.4.0 prior to 2.4.0p31, 2.3.0 prior to 2.3.0p48, and all 2.2.0 versions. This vulnerability allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into the check output. The injected script executes in the browser of an admin or a user with host read permissions when the check is run on the service discovery page.
Checkmk URL Validation Bypass Vulnerability Leading to Cross-Site Scripting
A cross-site scripting (XSS) vulnerability has been identified in Checkmk versions 2.5.0 prior to 2.5.0p5, 2.4.0 prior to 2.4.0p31, 2.3.0 prior to 2.3.0p48, and all 2.2.0 versions. The issue arises from improper handling of HTML-encoded characters in the URL validation function, allowing authenticated users to bypass URL validation and inject malicious URLs, such as 'javascript:' URIs. This injection can lead to XSS when another user interacts with the crafted link.
Checkmk Stored Cross-Site Scripting Vulnerability in Global Settings Change Log
A stored cross-site scripting vulnerability has been identified in Checkmk versions prior to 2.5.0p5, 2.4.0p31, and 2.3.0p48, and in all 2.2.0 versions. This vulnerability allows an administrator with the ability to change global settings to inject malicious HTML or JavaScript into changelog messages. The injected script executes in the browsers of other users when they access the Activate Changes page or the Audit log.
Checkmk User Messages Widget Incorrect Authorization Vulnerability
A vulnerability exists in Checkmk versions through 2.5.0p5 within the User Messages dashboard widget. The issue arises from incorrect authorization: the message-fetching endpoints return messages belonging to the dashboard creator instead of the viewer. This flaw enables an attacker with knowledge of a valid public dashboard share token to access the dashboard creator's personal messages by sending requests to the affected endpoint, even if the User Messages widget is not present on the dashboard.
Checkmk Stored Cross-Site Scripting Vulnerability in URL Dashboard Widget
A stored cross-site scripting vulnerability has been identified in the URL dashboard widget of Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions. This vulnerability allows users with dashboard editing permissions to save a URL containing a harmful URI scheme, such as 'javascript:'. When other users view the dashboard, the stored URL executes scripts in their browsers.
Keycloak Improper Access Control Vulnerability in Partial Import Endpoint Allows Privilege Escalation
A privilege escalation vulnerability has been identified in Keycloak, specifically in the POST /admin/realms/{realm}/partialImport endpoint. This vulnerability arises from improper access control, allowing a limited administrator to bypass Fine-Grained Admin Permissions (FGAP). By exploiting this flaw, the administrator can escalate privileges to become a full realm administrator by importing users with realm-admin role mappings.
SourceCodester Barangay Resident Profiling and Information Management System Password Reset Hard-Coded Password Vulnerability
A vulnerability exists in SourceCodester Barangay Resident Profiling and Information Management System version 1.0, specifically within the Password Reset Handler component. The issue arises in the file password_reset.php, where the argument new_password can be manipulated to exploit a hard-coded password. This vulnerability can be exploited remotely.
itsourcecode Hospital Management System SQL Injection Vulnerability in addpatient.php
A SQL injection vulnerability has been identified in the itsourcecode Hospital Management System version 1.0. The issue arises in the addpatient.php file, where the admissiontme parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, but requires authentication.
itsourcecode Hospital Management System SQL Injection Vulnerability in adminaccount.php
A SQL injection vulnerability has been identified in the itsourcecode Hospital Management System version 1.0. The issue resides in the adminaccount.php file, where the 'date' parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, but requires authentication.
itsourcecode Hospital Management System Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in itsourcecode Hospital Management System version 1.0. The issue arises in the billing.php file, where the patientid parameter is not properly sanitized, allowing remote attackers to inject and execute arbitrary JavaScript in the context of the user's browser session. This vulnerability can be exploited without authentication by tricking a user into clicking a malicious link.
Bolt CMS HTML Injection Vulnerability in TextType.php Component
A vulnerability allowing HTML injection has been identified in Bolt CMS versions prior to 3.7.5. The issue arises in the HTML Attribute Handler, specifically within the file src/Storage/Field/Type/TextType.php. By manipulating the argument style, it is possible to inject HTML. This vulnerability can be exploited remotely and has been publicly disclosed. It affects unsupported products.
Check Point VPN IKEv1 Certificate Validation Bypass Vulnerability Allowing Traffic Interception or Modification
A vulnerability exists in the certificate validation process of the outdated IKEv1 key exchange, potentially allowing an unauthenticated attacker to act as a man-in-the-middle. This could enable the attacker to bypass certificate validation in VPN site-to-site connections that rely on certificate-based authentication. Exploitation of this vulnerability could lead to the interception or alteration of traffic passing through the VPN tunnel.
Check Point Remote Access and Mobile Access VPN Authentication Bypass Vulnerability via IKEv1 Logic Flow Weakness
A logic flow vulnerability has been identified in Check Point's Remote Access and Mobile Access VPN services, specifically within the deprecated IKEv1 key exchange protocol. This vulnerability allows an unauthenticated remote attacker to bypass user authentication and establish a VPN connection without a valid password. The issue arises from improper certificate validation, creating a loophole that can be exploited to gain unauthorized access.
Apache Cordova Plugin InAppBrowser iOS Unvalidated Callback ID Vulnerability
A vulnerability exists in the iOS version of the Apache Cordova InAppBrowser plugin, specifically in versions 3.1.0 prior to 6.0.0. The issue arises because the plugin does not validate the format of the 'id' field in messages from the WKScriptMessage body before passing it to the command delegate. This lack of validation allows any web content loaded in the InAppBrowser to manipulate Cordova callbacks by sending messages with guessable or enumerated callback IDs. An attacker could exploit this vulnerability by targeting specific plugins and callback IDs used by the host application. Knowledge of common Cordova plugin configurations could enable the creation of reusable payloads for widely-used plugins.
Recipe Card Blocks Lite Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Recipe Card Blocks Lite plugin for WordPress, affecting all versions through 3.4.13. The issue arises in the recipe block's 'summary' and 'notes' attributes, where the 'WPZOOM_Helpers::deserialize_block_attributes' method improperly handles unicode-encoded sequences. This flaw allows authenticated attackers with Author-level access or higher to inject arbitrary scripts into published posts, which are executed when a user views the post or the print version of the recipe.
Red Hat Quay Stored Cross-Site Scripting Vulnerability via Unvalidated SVG File Upload
A stored cross-site scripting vulnerability has been identified in Red Hat Quay. The issue arises in the filedrop endpoint, which accepts any mime type without proper validation. This flaw allows authenticated users with repository write access to upload malicious SVG files containing JavaScript. Once uploaded, these files are stored and served through the CDN. When a victim accesses the archive URL, the SVG is rendered inline, and the embedded JavaScript is executed.
CodeAstro Leave Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Leave Management System version 1.0, specifically in the file '/admin/add_leave.php'. This vulnerability allows remote attackers to manipulate the 'type_of_leave' parameter, injecting malicious SQL code that could be executed by the database. The lack of proper input validation and sanitization enables this exploitation, potentially leading to unauthorized database access, data manipulation, and leakage of sensitive information.
CodeAstro Leave Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Leave Management System version 1.0. The issue arises in the file '/admin/search_staff_for_updation.php', where improper handling of the 'Name' argument allows for SQL injection. This vulnerability can be exploited remotely.
CodeAstro Leave Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Leave Management System version 1.0. The issue resides in the file '/admin/search_staff_to_assign_pc.php', where the 'name' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.
CodeAstro Leave Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Leave Management System version 1.0. The issue resides in the file '/admin/delete_leave_type.php', where the 'leave_type' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.
CodeAstro Leave Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Leave Management System version 1.0. The issue resides in the file '/admin/search_staff_for_deletion.php', where the 'name' parameter is manipulated, allowing for remote exploitation. The vulnerability arises from inadequate input validation, enabling attackers to inject malicious SQL queries that could be executed by the database.
GL.iNet Routers Hard-Coded Cryptographic Key Vulnerability in Glnassys Component
A vulnerability exists in GL.iNet router models A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, and XE3000, all running firmware version 4.8.x. The issue arises from a hard-coded cryptographic key in the glnassys component, which can be exploited remotely. This flaw allows unauthorized access to network storage-related interfaces, potentially leading to command execution. The vulnerability requires a high level of complexity to exploit.
Tenda CX12L Stack-Based Buffer Overflow Vulnerability in Wi-Fi Schedule Configuration Endpoint
A stack-based buffer overflow vulnerability has been identified in the Tenda CX12L router, specifically in the Wi-Fi schedule configuration endpoint '/goform/openSchedWifi' on firmware version 16.03.53.12. The vulnerability arises in the 'setSchedWifi' function, where user-controlled parameters 'schedStartTime' and 'schedEndTime' are copied into a fixed-size heap-allocated buffer without proper length validation. This oversight allows for memory corruption, potentially leading to a denial-of-service condition or arbitrary code execution.
Bagisto Path Traversal Vulnerability in ImageCacheController Component Allowing Arbitrary File Read
A path traversal vulnerability has been identified in Bagisto version 2.4.1. This issue arises from inadequate validation of user input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter, potentially accessing sensitive files outside the intended directory on the targeted system. Successful exploitation could lead to the unauthorized reading of arbitrary files, including application configuration files, database credentials, API keys, and other sensitive information.
Tenda CX12L Stack-Based Buffer Overflow Vulnerability in Wi-Fi Configuration Endpoint
A stack-based buffer overflow vulnerability has been identified in the Tenda CX12L router, specifically in the Wi-Fi configuration endpoint '/goform/fast_setting_wifi_set' within the firmware version 16.03.53.12. The vulnerability arises in the 'form_fast_setting_wifi_set' function, where the user-controlled 'ssid' parameter is processed into a fixed-size stack buffer. The use of the unsafe 'sprintf' function without proper length validation allows an attacker to send an overly long SSID, overwriting adjacent stack data. This exploitation can lead to a crash of the device management interface or potentially allow for arbitrary code execution with root privileges.
JeecgBoot Open Redirect Vulnerability in OAuth2 Login Flow
A vulnerability allowing open redirects has been identified in JeecgBoot versions through 3.9.2. The issue arises in the Third-Party Login component, specifically within the HttpServletResponse.sendRedirect function of the ThirdLoginController. The vulnerability is rooted in the improper validation of the user-controlled state parameter in the OAuth2 login and callback endpoints, allowing attackers to redirect users to arbitrary URLs. This manipulation could lead to the leakage of sensitive information, such as JWT tokens, and potentially facilitate account takeover.
SourceCodester Hospitals Patient Records Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Hospitals Patient Records Management System version 1.0. The issue arises in the file '/classes/Master.php?f=save_patient', where insufficient validation of the 'id' parameter allows attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.
Weaviate Static API Key Handler Authorization Bypass Vulnerability
An authorization bypass vulnerability has been identified in Weaviate versions prior to 1.37.7. The issue arises in the Static API Key Handler component, specifically within the validateConfig function of the file usecases/auth/authentication/apikey/client.go. The vulnerability allows for duplicate static API keys to be configured for different users, leading to privilege confusion. When the same key is assigned to multiple users, Weaviate authenticates based on the first matching entry, potentially granting unauthorized access to admin privileges. This vulnerability can be exploited remotely, although the attack complexity is considered high.
VMware Cloud Foundation Operations Stored Cross-Site Scripting Vulnerability
Multiple stored cross-site scripting vulnerabilities have been identified in VMware Cloud Foundation Operations. A malicious actor with the ability to create policies, views, or text widgets could inject scripts that perform administrative actions within the application.
VMware Cloud Foundation Operations Stored Cross-Site Scripting Vulnerability
Multiple stored cross-site scripting vulnerabilities have been identified in VMware Cloud Foundation Operations. A malicious actor with the ability to create policies, views, or text widgets could inject scripts to execute administrative actions within the application. These vulnerabilities are present in VMware Cloud Foundation version 5.x, as well as in VMware Cloud Foundation Operations component of VMware Cloud Foundation 9.0.x.x and 9.1.x.x, and in VMware Aria Operations 8.x.
VMware Cloud Foundation Operations Stored Cross-Site Scripting Vulnerability
Multiple stored cross-site scripting vulnerabilities have been identified in VMware Cloud Foundation Operations. A malicious actor with the ability to create policies, views, or text widgets could inject scripts to execute administrative actions within the application. These vulnerabilities are present in VMware Cloud Foundation 9.0.x.x, 9.1.x.x, and VMware Aria Operations versions 8.x.
Samba WINS Server NULL Pointer Dereference Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in the WINS server component of Samba when it is configured as an Active Directory Domain Controller. The issue arises because the WINS protocol handlers for certain request types fail to properly validate incoming packets. This flaw allows an unauthenticated remote attacker to send specially crafted UDP packets that trigger a NULL pointer dereference, causing the WINS service to crash. Although the service may automatically restart, the vulnerability can be easily exploited repeatedly, leading to continuous unavailability of the WINS service.
