The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-29137 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Themefic Tourfic allows Reflected XSS.This issue affects Tourfic: from n/a through 2.11.7. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29138 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29139 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS.This issue affects MyCurator Content Curation: from n/a through 3.76. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29140 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Matt Manning MJM Clinic allows Stored XSS.This issue affects MJM Clinic: from n/a through 1.1.22. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29141 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PDF Embedder allows Stored XSS.This issue affects PDF Embedder: from n/a through 4.6.4. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29142 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29143 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS.This issue affects Passwordless Login: from n/a through 1.1.2. | -- | Mar 19, 2024 | n/a |
| CVE-2024-29151 | Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | -- | Mar 18, 2024 | n/a |
| CVE-2024-29154 | danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. | -- | Mar 18, 2024 | n/a |
| CVE-2024-29156 | In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service\'s MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. | -- | Mar 18, 2024 | n/a |
| CVE-2024-29167 | SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | -- | Apr 4, 2024 | n/a |
| CVE-2024-29179 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29180 | Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\'s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\'s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing. | -- | Mar 21, 2024 | n/a |
| CVE-2024-29182 | Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user\'s browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected. | -- | Apr 4, 2024 | n/a |
| CVE-2024-29183 | OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account. | -- | Apr 19, 2024 | n/a |
| CVE-2024-29184 | FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their signature, which will then be executed when viewed by the Administrator. The application protects users against XSS attacks by enforcing a CSP policy, the CSP Policy is: `script-src \'self\' \'nonce-abcd\' `. The CSP policy only allows the inclusion of JS files that are present on the application server and doesn\'t allow any inline script or script other than nonce-abcd. The CSP policy was bypassed by uploading a JS file to the server by a POST request to /conversation/upload endpoint. After this, a working XSS payload was crafted by including the uploaded JS file link as the src of the script. This bypassed the CSP policy and XSS attacks became possible. The impact of this vulnerability is severe as it allows an attacker to compromise the FreeScout Application. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. Alternatively, the attacker can elevate the privileges of a low-privileged user to Administrator, further compromising the security of the application. Attackers can steal sensitive information such as login credentials, session tokens, personal identifiable information (PII), and financial data. The vulnerability can also lead to defacement of the Application. Version 1.8.128 contains a patch for this issue. | -- | Mar 22, 2024 | n/a |
| CVE-2024-29185 | FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity to be High. If an attacker gets hold of the `App_Key`, the attacker can compromise the Complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue. | -- | Mar 22, 2024 | n/a |
| CVE-2024-29186 | Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. An attacker could send specifically crafted requests which would force the server into performing long operations with a consequent long billed duration. The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least an endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB. Version 2.1.17 contains a fix for this issue. | -- | Mar 22, 2024 | n/a |
| CVE-2024-29187 | WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\\Windows\\Temp to drop and load multiple binaries. Standard users can hijack the binary before it\'s loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5. | -- | Mar 25, 2024 | n/a |
| CVE-2024-29188 | WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX\'s `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5. | -- | Mar 25, 2024 | n/a |
| CVE-2024-29189 | PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29190 | Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization\'s infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. | -- | Mar 25, 2024 | n/a |
| CVE-2024-29191 | gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue. | -- | Apr 4, 2024 | n/a |
| CVE-2024-29192 | gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an attacker may be able to achieve that depending on how go2rtc is set up on the upstream application, and given that this endpoint is not protected against CSRF, it allows requests from any origin (e.g. a drive-by attack) . The `exec` handler allows for any stream to execute arbitrary commands. An attacker may add a custom stream through `api/config`, which may lead to arbitrary command execution. In the event of a victim visiting the server in question, their browser will execute the requests against the go2rtc instance. Commit 8793c3636493c5efdda08f3b5ed5c6e1ea594fd9 adds a warning about secure API access. | -- | Apr 4, 2024 | n/a |
| CVE-2024-29193 | gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API (`[0]`) in the client side. Then, it uses `Object.entries` to iterate over the result (`[1]`) whose first item (`name`) gets appended using `innerHTML` (`[2]`). In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc’s origin. As of time of publication, no patch is available. | -- | Apr 4, 2024 | n/a |
| CVE-2024-29194 | OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815. | -- | Mar 25, 2024 | n/a |
| CVE-2024-29195 | The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29196 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29197 | Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29199 | Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29200 | Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29201 | JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer\'s Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | -- | Apr 1, 2024 | n/a |
| CVE-2024-29202 | JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer\'s Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | -- | Apr 1, 2024 | n/a |
| CVE-2024-29203 | TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1. | -- | Mar 26, 2024 | n/a |
| CVE-2024-29204 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | -- | Apr 19, 2024 | n/a |
| CVE-2024-29205 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. | -- | Apr 25, 2024 | n/a |
| CVE-2024-29216 | Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware. | -- | Mar 25, 2024 | n/a |
| CVE-2024-29217 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | -- | Apr 22, 2024 | n/a |
| CVE-2024-29218 | Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. | -- | Apr 15, 2024 | n/a |
| CVE-2024-29219 | Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. | -- | Apr 15, 2024 | n/a |
| CVE-2024-29220 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | -- | Apr 11, 2024 | n/a |
| CVE-2024-29221 | Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the Add Members permission was explicitly removed from team admins. | -- | Apr 5, 2024 | n/a |
| CVE-2024-29225 | WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request. | -- | Apr 4, 2024 | n/a |
| CVE-2024-29227 | Improper neutralization of special elements used in an SQL command (\'SQL Injection\') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29228 | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29229 | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29230 | Improper neutralization of special elements used in an SQL command (\'SQL Injection\') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29231 | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29232 | Improper neutralization of special elements used in an SQL command (\'SQL Injection\') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
| CVE-2024-29233 | Improper neutralization of special elements used in an SQL command (\'SQL Injection\') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
