/home
/vulns
/feeds
/links
/books
/docs
/htb
/about
/contact

vulns

by zer0x0ne — on rss , infosec 02 May 2021

Vulnerability Notes

CVE-2024-52872 | Flagsmith up to 2.134.0 get_document permission
CVE-2024-52871 | Flagsmith up to 2.134.0 Setting access control
CVE-2024-52876 | Drone Go2 Mobile Application up to 1.1.7 Holy Stone Remote ID Module HSRID01 denial of service
CVE-2024-52867 | GNU Guix guix-daemon Local Privilege Escalation
CVE-2024-52410 | Phoenixheart Referrer Detector Plugin up to 4.2.1.0 on WordPress deserialization
CVE-2024-52404 | Bigfive CF7 Reply Manager Plugin up to 1.2.3 on WordPress unrestricted upload
CVE-2024-52415 | Skpstorm SK WP Settings Backup Plugin up to 1.0 on WordPress cross-site request forgery
CVE-2024-52409 | Phan An AJAX Random Posts Plugin up to 0.3.3 on WordPress deserialization
CVE-2024-52416 | Eugen Bobrowski Debug Tool Plugin up to 2.2 on WordPress authorization
CVE-2024-52400 | Subhasis Laha Gallerio Plugin up to 1.01 on WordPress unrestricted upload
CVE-2024-52412 | Stephen Cui Xin Plugin up to 1.0.8.1 on WordPress deserialization
CVE-2024-52413 | DMC Airin Blog Plugin up to 1.6.1 on WordPress deserialization
CVE-2024-52407 | codeSavory BasePress Migration Tools Plugin up to 1.0.0 on WordPress unrestricted upload
CVE-2024-52405 | Bikram Joshi B-Banner Slider Plugin up to 1.1 on WordPress unrestricted upload
CVE-2024-52414 | Anthony Carbon WDES Responsive Mobile Menu Plugin up to 5.3.18 on WordPress deserialization
CVE-2024-52411 | Flowcraft UX Design Studio Advanced Personalization Plugin up to 1.1.2 on WordPress deserialization
CVE-2024-52397 | Davor Zeljkovic Convert Docx2post Plugin up to 1.4 on WordPress unrestricted upload
CVE-2024-52399 | Clarisse K. Writer Helper Plugin up to 3.1.6 on WordPress unrestricted upload
CVE-2024-52403 | WPExperts User Management Plugin up to 1.1 on WordPress unrestricted upload
CVE-2024-52386 | RadiusTheme Classified Listing Plugin up to 3.1.15.1 on WordPress filename control
CVE-2024-52408 | Team PushAssist Push Notifications Plugin up to 3.0.8 on WordPress unrestricted upload
CVE-2024-48962 | Apache OFBiz up to 18.12.16 URL Parameter code injection
CVE-2024-41151 | Apache HertzBeat up to 1.6.0 Notice Template deserialization
CVE-2024-45505 | Apache HertzBeat up to 1.6.0 command injection
CVE-2024-47208 | Apache OFBiz up to 18.12.16 Groovy Expression server-side request forgery
CVE-2024-45791 | Apache Hertzbeat up to 1.6.0 Query String information disclosure
CVE-2024-10592 | Mapster WP Maps Plugin up to 1.6.0 on WordPress cross site scripting
CVE-2024-10645 | Blogger 301 Redirect Plugin up to 2.5.3 on WordPress br sql injection
CVE-2024-11094 | 404 Solution Plugin up to 2.35.17 on WordPress information disclosure
CVE-2024-9887 | Login Using WordPress Users Plugin up to 1.15.6 on WordPress sql injection
CVE-2024-50983 | FlightPath 7.5 Last Name Section cross site scripting
CVE-2017-13314 | Google Android 7/8/8.1 NetworkManagementService.java setAllowOnlyVpnForUids permission
CVE-2024-10883 | SimpleForm Plugin up to 2.2.0 on WordPress add_query_arg/remove_query_arg cross site scripting
CVE-2024-11263 | zephyrproject-rtos Zephyr up to 3.7 Global Pointer privilege context switching error (GHSA-jjf3-7x72-pqm9)
CVE-2017-13313 | Google Android 6/6.0.1/7/8/8.1 ESQueue.cpp dequeueAccessUnitMPEG4Video resource consumption
CVE-2024-10614 | ivole Customer Reviews for WooCommerce Plugin up to 5.61.0 on WordPress cancel_import authorization
CVE-2024-10728 | wpxpo Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX Plugin Installation install_required_plugin_callback authorization
CVE-2024-8856 | revmakx Backup and Staging by WP Time Capsule Plugin up to 1.22.21 on WordPress UploadHandler.php unrestricted upload
CVE-2017-13312 | Google Android 8 MediaCas.java createFromParcel input validation
CVE-2017-13311 | Google Android 7/8/8.1 ProcessStats.java read permission
CVE-2017-13310 | Google Android 6.0./6.0.1/7/8/8.1 ViewPager.java createFromParcel permission
CVE-2024-51764 | HPE SGI CXFS local/cluster improper authorization
CVE-2024-51765 | HPE Cray System Management Software prior COS-2.5.146/COS 23.11.1/CLE 7.0.UP04.PS19 improper authorization
CVE-2024-38370 | GLPI up to 10.0.15 API improper authorization
CVE-2024-9500 | Autodesk Installer 2.10.0.17 DLL privileges management
CVE-2024-49592 | McAfee Trial Installer 16.0.53 access control
CVE-2024-49060 | Microsoft Azure Stack HCI 22H2/23H2 hard-coded credentials
CVE-2024-11217 | Red Hat OpenShift Container Platform 4 OAuth-server Log debug messages revealing unnecessary information
CVE-2024-45609 | GLPI up to 10.0.16 Reports Page cross site scripting (GHSA-3j2f-3j4v-hppr)
CVE-2017-13309 | Google Android 8.1 ConscryptEngine.java readEncryptedData information disclosure
CVE-2024-45611 | GLPI up to 10.0.16 RSS Feed cross site scripting
CVE-2024-45610 | GLPI up to 10.0.16 Cable Form cross site scripting
CVE-2024-44758 | NUS-M9 ERP Management Software 3.0.0 /Production/UploadFile unrestricted upload
CVE-2024-3334 | Digital Guardian Agent up to 8.1.0 on Windows Removable Media sensitive information
CVE-2024-24458 | Athonet vEPC MME 11.4.0 PLMN Identity denial of service
CVE-2024-24455 | Athonet vEPC MME 11.4.0 UE Context Release Message denial of service
CVE-2024-44759 | NUS-M9 ERP Management Software 3.0.0 Interface Request /Doc/DownloadFile information disclosure
CVE-2024-24457 | Athonet vEPC MME 11.4.0 ProtocolIE_ID denial of service
CVE-2024-24459 | Athonet vEPC MME 11.4.0 S1Setup Request Message ProtocolIE_ID denial of service
CVE-2024-24453 | Athonet vEPC MME 11.4.0 NotToBeModifiedBearerModInd ProtocolIE_ID denial of service
CVE-2024-24452 | Athonet vEPC MME 11.4.0 ProtocolIE_ID denial of service
CVE-2024-49536 | Adobe Audition up to 23.6.9/24.4.6 out-of-bounds (apsb24-83)
CVE-2024-10934 | OpenBSD up to 7.4 Errata 020/7.5 Errata 007 NFS Client/NFS Server double free
CVE-2024-51037 | kalcaddle kodbox up to 1.52.04 Captcha information disclosure
CVE-2024-24431 | Open5GS 2.7.0 EMM Message ogs_nas_emm_decode denial of service
CVE-2024-41679 | GLPI up to 10.0.16 Ticket Form sql injection
CVE-2024-23169 | RSA NetWitness 11.7.2.0 Web Interface cross site scripting
CVE-2024-51141 | Totolink Bluetooth Wireless Adapter A600UB WifiAutoInstallDriver.exe Local Privilege Escalation
CVE-2024-43418 | GLPI up to 10.0.16 cross site scripting
CVE-2024-45608 | GLPI up to 10.0.16 sql injection
CVE-2024-43417 | GLPI up to 10.0.16 cross site scripting
CVE-2024-51330 | Ultimaker Cura up to 4.41/5.8.1 Inter-Process Communication stack-based overflow
CVE-2024-51142 | Chamilo LMS 1.11.26 storageapi.php svkey cross site scripting
CVE-2024-24426 | OpenAirInterface Magma/OAI EPC Federation NGAP Packet NGAP_FIND_PROTOCOLIE_BY_ID denial of service
CVE-2024-24446 | OpenAirInterface CN5G AMF up to 2.0.0 InitialContextSetupResponse uninitialized pointer
CVE-2024-45970 | MZ Automation LibIEC61850 MMS Client stack-based overflow
CVE-2024-45969 | MZ Automation LibIEC1850 null pointer dereference
CVE-2024-24425 | Magma/OAI EPC Federation NAS Packet /tasks/amf/amf_as.cpp amf_as_establish_req out-of-bounds
CVE-2024-45971 | MZ Automation LibIEC61850 MMS Client stack-based overflow
CVE-2024-50800 | Smart4Web prior 5.020241004 error cross site scripting
CVE-2024-41678 | GLPI up to 10.0.16 cross site scripting (GHSA-xwmx-mmrf-hqf9)
CVE-2024-40638 | GLPI up to 10.0.16 sql injection (GHSA-8843-r3m7-gfqx)
CVE-2024-24449 | OpenAirInterface CN5G AMF up to 2.0.0 NasPdu NasPdu::NasPdu uninitialized pointer
CVE-2024-24447 | OpenAirInterface oai-cn5g-amf up to 2.0.0 buffer overflow
CVE-2024-24450 | OpenAirInterface CN5G AMF up to 2.0.0 ngap_handle_pdu_session_resource_setup_response buffer overflow
CVE-2024-50655 | Emlog Pro up to 2.3.18 Article cross site scripting
CVE-2024-44625 | Gogs up to 0.13.0 editor.go editFilePost path traversal
CVE-2024-46383 | Hathway Skyworth Router CM5100-511 4.1.1.24 information disclosure
CVE-2024-52512 | Nextcloud user_oidc up to 6.0.x redirect (GHSA-784j-x2g5-4g7q)
CVE-2024-52509 | Nextcloud Mail up to 2.2.9/3.6.1/3.7.1 access control (GHSA-pwpp-fvcr-w862)
CVE-2024-52508 | Nextcloud Mail up to 1.14.5/1.15.3/2.2.10/3.6.2/3.7.6 information disclosure (GHSA-vmhx-hwph-q6mc)
CVE-2024-52522 | Rclone up to 1.68.1 permissions (GHSA-hrxh-9w67-g4cv)
CVE-2024-52507 | Nextcloud Tables up to 0.8.0 authorization (GHSA-rgvc-xr2w-qq45)
CVE-2024-47759 | GLPI up to 10.0.16 SVG cross site scripting (GHSA-474f-9vpp-xxq5)
CVE-2024-52511 | Nextcloud Tables up to 0.7.x authorization (GHSA-4qqp-9h2g-7qg7)
CVE-2024-52510 | Nextcloud Desktop Client up to 3.14.1 certificate validation (GHSA-r4qc-m9mj-452v)
CVE-2024-46465 | CRYHOD up to 2024.3 on Windows access control

All content copyright zer0x0ne © All rights reserved.