Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Showing entries from a total of 225491.
Columns: ID, Description, Priority, Modified date
CVE-2024-26140 com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist. -- Feb 20, 2024
CVE-2024-26141 Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1. -- Feb 23, 2024
CVE-2024-26142 Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. -- Feb 28, 2024
CVE-2024-26143 Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications that call translation methods such as translate or t on a controller with a key ending in _html and a :default key containing untrusted user input, and then use the resulting string in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1. -- Feb 29, 2024
CVE-2024-26144 Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7. -- Feb 28, 2024
CVE-2024-26145 Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a workaround, one may use post visibility to limit access. -- Feb 22, 2024
CVE-2024-26146 Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1. -- Feb 23, 2024
CVE-2024-26147 Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugin's `plugin.yaml` file was missing all metadata, a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository, and all Helm functions if a malicious plugin is added, as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic. -- Feb 22, 2024
CVE-2024-26148 Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of the `javascript:` protocol, which can potentially trigger arbitrary client-side execution. The most extreme exploit of this flaw could occur when an admin user unknowingly clicks on a cross-site scripting URL, thereby unintentionally compromising admin role access to the attacker. A patch to rectify this issue has been introduced in Querybook version `3.31.1`. The fix is backward compatible and automatically fixes existing DataDocs. There are no known workarounds for this issue, except for manually checking each URL prior to clicking on them. -- Feb 22, 2024
CVE-2024-26149 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions. -- Feb 26, 2024
CVE-2024-26150 `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10. -- Feb 23, 2024
CVE-2024-26151 The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of `FelixSchwarz/mjml-python` who insert untrusted data into mjml templates are affected unless that data is checked in a very strict manner. User input like `&lt;script&gt;` would be rendered as `<script>` in the final HTML output. The attacker must be able to control some data which is later injected into an mjml template which is then sent out as email to other users. The attacker could control contents of email messages sent through the platform. The problem has been fixed in version 0.11.0 of this library. Versions before 0.10.0 are not affected by this security issue. As a workaround, ensure that potentially untrusted user input does not contain any sequences which could be rendered as HTML. -- Feb 23, 2024
CVE-2024-26152 ### Summary On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in an XSS vulnerability. ### Details Requires permission to use the data import function. This was reproduced on Label Studio 1.10.1. ### PoC 1. Create a project. ![Create a project](https://github.com/HumanSignal/label-studio/assets/3943358/9b1536ad-feac-4238-a1bd-ca9b1b798673) 2. Upload a file containing the payload using the Upload Files function. ![2 Upload a file containing the payload using the Upload Files function](https://github.com/HumanSignal/label-studio/assets/3943358/26bb7af1-1cd2-408f-9adf-61e31a5b7328) ![3 complete](https://github.com/HumanSignal/label-studio/assets/3943358/f2f62774-1fa6-4456-9e6f-8fa1ca0a2d2e) The following are the contents of the file used in the PoC: ``` { data: { prompt: labelstudio universe image, images: [ { value: id123#0, style: margin: 5px, html: <img width='400' src='https://labelstud.io/_astro/images-tab.64279c16_ZaBSvC.avif' onload=alert(document.cookie)> } ] } } ``` 3. Select the text-to-image generation labeling template of Ranking and scoring ![3 Select the text-to-image generation labelling template for Ranking and scoring](https://github.com/HumanSignal/label-studio/assets/3943358/f227f49c-a718-4738-bc2a-807da4f97155) ![5 save](https://github.com/HumanSignal/label-studio/assets/3943358/9b529f8a-8e99-4bb0-bdf6-bb7a95c9b75d) 4. Select a task ![4 Select a task](https://github.com/HumanSignal/label-studio/assets/3943358/71856b7a-2b1f-44ea-99ab-fc48bc20caa7) 5. Check that the script is running ![5 Check that the script is running](https://github.com/HumanSignal/label-studio/assets/3943358/e396ae7b-a591-4db7-afe9-5bab30b48cb9) ### Impact Malicious scripts can be injected into the code, and when chained with vulnerabilities such as CSRF, it can cause even greater damage. In particular, it can become a source of further attacks, especially when linked to social engineering. -- Feb 23, 2024
CVE-2024-26158 Microsoft Install Service Elevation of Privilege Vulnerability -- Apr 9, 2024
CVE-2024-26159 Microsoft ODBC Driver Remote Code Execution Vulnerability -- Mar 12, 2024
CVE-2024-26160 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability -- Mar 12, 2024
CVE-2024-26161 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability -- Mar 12, 2024
CVE-2024-26162 Microsoft ODBC Driver Remote Code Execution Vulnerability -- Mar 12, 2024
CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability -- Mar 14, 2024
CVE-2024-26164 Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability -- Mar 12, 2024
CVE-2024-26165 Visual Studio Code Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26166 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability -- Mar 12, 2024
CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability -- Mar 7, 2024
CVE-2024-26168 Secure Boot Security Feature Bypass Vulnerability -- Apr 9, 2024
CVE-2024-26169 Windows Error Reporting Service Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26170 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26171 Secure Boot Security Feature Bypass Vulnerability -- Apr 9, 2024
CVE-2024-26172 Windows DWM Core Library Information Disclosure Vulnerability -- Apr 9, 2024
CVE-2024-26173 Windows Kernel Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26174 Windows Kernel Information Disclosure Vulnerability -- Mar 12, 2024
CVE-2024-26175 Secure Boot Security Feature Bypass Vulnerability -- Apr 9, 2024
CVE-2024-26176 Windows Kernel Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26177 Windows Kernel Information Disclosure Vulnerability -- Mar 12, 2024
CVE-2024-26178 Windows Kernel Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26179 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability -- Apr 9, 2024
CVE-2024-26180 Secure Boot Security Feature Bypass Vulnerability -- Apr 9, 2024
CVE-2024-26181 Windows Kernel Denial of Service Vulnerability -- Mar 12, 2024
CVE-2024-26182 Windows Kernel Elevation of Privilege Vulnerability -- Mar 12, 2024
CVE-2024-26183 Windows Kerberos Denial of Service Vulnerability -- Apr 9, 2024
CVE-2024-26185 Windows Compressed Folder Tampering Vulnerability -- Mar 12, 2024
CVE-2024-26188 Microsoft Edge (Chromium-based) Spoofing Vulnerability -- Feb 26, 2024
CVE-2024-26189 Secure Boot Security Feature Bypass Vulnerability -- Apr 9, 2024
CVE-2024-26190 Microsoft QUIC Denial of Service Vulnerability -- Mar 12, 2024
CVE-2024-26192 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability -- Feb 26, 2024
CVE-2024-26193 Azure Migrate Remote Code Execution Vulnerability -- Apr 9, 2024
CVE-2024-26194 Secure Boot Security Feature Bypass Vulnerability -- Apr 9, 2024
CVE-2024-26195 DHCP Server Service Remote Code Execution Vulnerability -- Apr 9, 2024
CVE-2024-26196 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability -- Mar 21, 2024
CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability -- Mar 12, 2024
CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability -- Mar 12, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.