2025-06-21 Daily Vulns
NEW:
| CVE | vendor-product | description | CVSS | reference URL | SSVC | title | GitHub URL |
|---|---|---|---|---|---|---|---|
| CVE-2023-46350 | n/a - n/a | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | CNA n/a; CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | | github |
| CVE-2021-42143 | n/a - n/a | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. | CNA n/a; CVSS3.1: 9.1 - CRITICAL | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | | github |
| CVE-2020-36771 | Cloudlinux OS - cagefs | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | CNA n/a; CVSS3.1: 7.8 - HIGH | 0 1 2 3 | Exploitation: none; Automatable: no; Technical Impact: total | | github |
| CVE-2020-36770 | n/a - n/a | pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files. | CNA n/a; CVSS3.1: 7.8 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: total | | github |
| CVE-2020-26628 | n/a - n/a | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the "Edit Profile" page and triggered by another user visiting the profile. | CNA n/a; CVSS3.1: 6.1 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | | github |
| CVE-2024-53298 | Dell - PowerScale OneFS | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends that customers upgrade at the earliest opportunity. | CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | | github |
| CVE-2024-24916 | checkpoint - Check Point SmartConsole | Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | CVSS3.1: 6.5 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: total | DLL-HiJacking | github |
This post is licensed under CC BY 4.0 by the author.