| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider. |
| Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.
|
| An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete. |
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. |
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. |
| cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. |
| Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. |
| Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. |
| Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. |
| PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. |
| VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.
Users are recommended to upgrade to version 1.3.0, which fixes the issue. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0.
XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack.
Users are recommended to upgrade to version [1.3.0], which fixes the issue. |
| Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. |
| Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device. |
| Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue. |
| Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. |
| OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.
|
