Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Total 313380 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-49246 2024-10-18 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1.
CVE-2024-48924 2024-10-18 N/A N/A
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability. ### Patches The following steps are required to mitigate this risk. 1. Upgrade to a version of the library where a fix is available. 1. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data. ### Workarounds If upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround as follows: 1. Declare a class that derives from `MessagePackSecurity`. 2. Override the `GetHashCollisionResistantEqualityComparer<T>` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer<T>()`. 3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object. 4. Use your custom options object for all deserialization operations. This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method. ### References - Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security). - The .NET team's [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md). ### For more information If you have any questions or comments about this advisory: * [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions) * [Email us privately](mailto:andrewarnott@live.com)
CVE-2024-3184 2024-10-18 N/A 5.9 MEDIUM
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).
CVE-2024-43609 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2024-10-17 N/A 6.5 MEDIUM
Microsoft Office Spoofing Vulnerability
CVE-2024-43497 1 Microsoft 1 Deepspeed 2024-10-17 N/A 7.8 HIGH
DeepSpeed Remote Code Execution Vulnerability
CVE-2024-43480 2 Linux, Microsoft 2 Linux Kernel, Azure Service Fabric 2024-10-17 N/A 6.6 MEDIUM
Azure Service Fabric for Linux Remote Code Execution Vulnerability
CVE-2024-48911 1 Thinkst 1 Opencanary 2024-10-17 N/A 7.8 HIGH
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.
CVE-2024-9687 1 Dueclic 1 Wp 2fa With Telegram 2024-10-17 N/A 8.8 HIGH
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.
CVE-2024-6757 1 Elementor 1 Website Builder 2024-10-17 N/A 4.3 MEDIUM
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts.
CVE-2024-43501 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-10-17 N/A 7.8 HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30117 1 Hcltech 1 Bigfix Platform 2024-10-17 N/A 5.3 MEDIUM
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
CVE-2024-43500 1 Microsoft 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more 2024-10-17 N/A 5.5 MEDIUM
Windows Resilient File System (ReFS) Information Disclosure Vulnerability
CVE-2024-43502 1 Microsoft 4 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 1 more 2024-10-17 N/A 7.1 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-9895 1 Zaytech 1 Smart Online Order For Clover 2024-10-17 N/A 5.4 MEDIUM
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-9944 1 Woocommerce 1 Woocommerce 2024-10-17 N/A 6.1 MEDIUM
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.
CVE-2024-21535 1 Quantizor 1 Markdown-to-jsx 2024-10-17 N/A 6.1 MEDIUM
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
CVE-2024-9971 1 Newtype 1 Flowmaster Bpm Plus 2024-10-17 N/A 8.8 HIGH
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
CVE-2024-9970 1 Newtype 1 Flowmaster Bpm Plus 2024-10-17 N/A 8.8 HIGH
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
CVE-2024-43503 1 Microsoft 1 Sharepoint Server 2024-10-17 N/A 7.8 HIGH
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43506 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-10-17 N/A 7.5 HIGH
BranchCache Denial of Service Vulnerability