Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4326 | 2024-05-16 | N/A | 9.8 CRITICAL | ||
| A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5. | |||||
| CVE-2024-1488 | 2024-05-08 | N/A | 8.0 HIGH | ||
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | |||||
| CVE-2023-6154 | 2024-04-01 | N/A | 7.8 HIGH | ||
| A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. | |||||
| CVE-2024-23639 | 1 Objectcomputing | 1 Micronaut | 2024-02-16 | N/A | 7.8 HIGH |
| Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | |||||
| CVE-2023-50252 | 1 Dompdf | 1 Php-svg-lib | 2024-02-05 | N/A | 9.8 CRITICAL |
| php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. | |||||
| CVE-2023-3321 | 1 Abb | 1 Zenon | 2024-02-05 | N/A | 8.8 HIGH |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | |||||
| CVE-2023-32349 | 1 Teltonika-networks | 36 Rut200, Rut200 Firmware, Rut240 and 33 more | 2024-02-04 | N/A | 8.8 HIGH |
| Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. | |||||
| CVE-2021-38453 | 1 Auvesy | 1 Versiondog | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Some API functions allow interaction with the registry, which includes reading values as well as data modification. | |||||