CWE-703
Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
CVE-2024-38482 (GCVE-0-2024-38482)
Vulnerability from cvelistv5 – Published: 2024-08-02 04:12 – Updated: 2024-08-02 17:38
VLAI
Summary
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
Severity
6.6 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022749… | vendor-advisory |
Date Public
2024-08-01 06:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T17:38:10.800621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T17:38:31.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudLink",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank B4gpipe for reporting this issue."
}
],
"datePublic": "2024-08-01T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database."
}
],
"value": "CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:12.391Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227493/dsa-2024-343-security-update-for-dell-cloudlink-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38482",
"datePublished": "2024-08-02T04:12:12.391Z",
"dateReserved": "2024-06-18T01:53:34.135Z",
"dateUpdated": "2024-08-02T17:38:31.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39514 (GCVE-0-2024-39514)
Vulnerability from cvelistv5 – Published: 2024-07-10 23:05 – Updated: 2024-08-02 04:26
VLAI
Title
Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.
This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S10,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Severity
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA82980 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S10
(semver)
Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 20.4R3-S10-EVO
(semver)
Affected: 21.4-EVO , < 21.4R3-S6-EVO (semver) Affected: 22.1-EVO , < 22.1R3-S5-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S2-EVO (semver) Affected: 22.4-EVO , < 22.4R3-EVO (semver) Affected: 23.2-EVO , < 23.2R2-EVO (semver) |
Date Public
2024-07-10 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:56:58.930100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:47:32.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EVPN-VPWS can be configured with the following:\u0026nbsp; \u0026nbsp;\u003cbr\u003e\u003ctt\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; instance-type evpn-vpws ]\u003cbr\u003e[ routing-instances \u0026lt;instance-name\u0026gt; interface \u0026lt;interface\u0026gt; ]\u003c/tt\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIGMP-snooping can be enabled with the following configuration line:\u003cbr\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; bridge-domains \u0026lt;name\u0026gt; igmp-snooping vlan \u0026lt;vlan\u0026gt; ]\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "EVPN-VPWS can be configured with the following:\u00a0 \u00a0\n[ routing-instances \u003cinstance-name\u003e instance-type evpn-vpws ]\n[ routing-instances \u003cinstance-name\u003e interface \u003cinterface\u003e ]\n\nIGMP-snooping can be enabled with the following configuration line:\n[ routing-instances \u003cinstance-name\u003e bridge-domains \u003cname\u003e igmp-snooping vlan \u003cvlan\u003e ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\u003cbr\u003e\u003cbr\u003eThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4 before 21.4R3-S6,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2 before 23.2R2;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S6-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3-EVO before 22.3R3-S2-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n * All versions before 20.4R3-S10,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n * All versions before 20.4R3-S10-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:05:27.050Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82980",
"defect": [
"1758171"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39514",
"datePublished": "2024-07-10T23:05:27.050Z",
"dateReserved": "2024-06-25T15:12:53.238Z",
"dateUpdated": "2024-08-02T04:26:15.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39815 (GCVE-0-2024-39815)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:33 – Updated: 2024-08-21 20:04
VLAI
Title
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Summary
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
Severity
9.1 (Critical)
CWE
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAR1200-L |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAR600-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11AC |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G-500S |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VBG1200 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11S-5G |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11S |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAR11N-300 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G-300 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11N-300 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G-500 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VBG1200 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11AC |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VGA-1000 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:41:59.876924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:38.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:43:20.731Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39815",
"datePublished": "2024-08-08T19:33:35.137Z",
"dateReserved": "2024-07-30T16:15:10.109Z",
"dateUpdated": "2024-08-21T20:04:38.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4611 (GCVE-0-2024-4611)
Vulnerability from cvelistv5 – Published: 2024-05-29 04:30 – Updated: 2026-04-08 17:25
VLAI
Title
AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
Summary
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.
Severity
8.1 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework |
Affected:
0 , ≤ 4.3.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThanOrEqual": "4.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T15:40:42.572321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:31.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_User.php?rev=2789173#L40"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L167"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L133"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3093975/apppresser"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the \u0027decrypt_value\u0027 and on the \u0027doCookieAuth\u0027 functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the \u0027openssl\u0027 php extension is not loaded on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:25:08.103Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_User.php?rev=2789173#L40"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L167"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L133"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3093975/apppresser"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-07T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-05-07T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-05-28T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AppPresser \u003c= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4611",
"datePublished": "2024-05-29T04:30:14.177Z",
"dateReserved": "2024-05-07T14:59:27.872Z",
"dateUpdated": "2026-04-08T17:25:08.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51491 (GCVE-0-2024-51491)
Vulnerability from cvelistv5 – Published: 2025-01-13 21:42 – Updated: 2025-01-14 00:19
VLAI
Title
Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go
Summary
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature.
After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination. In method `crl.(*FileCache).Set`, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated `notation` cache directory thanks `os.Rename`. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error. Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation. As a result the signature verification process is aborted as process crashes. This issue has been addressed in version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/notaryproject/notation-go/secu… | x_refsource_CONFIRM |
| https://github.com/notaryproject/notation-go/comm… | x_refsource_MISC |
| https://man7.org/linux/man-pages/man2/rename.2.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| notaryproject | notation-go |
Affected:
= 1.3.0-rc.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T00:18:53.695137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T00:19:12.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/notaryproject/notation-go/security/advisories/GHSA-qjh3-4j3h-vmwp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "notation-go",
"vendor": "notaryproject",
"versions": [
{
"status": "affected",
"version": "= 1.3.0-rc.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab\u0027s security audit on the Certificate Revocation List (CRL) based revocation check feature.\nAfter retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination. In method `crl.(*FileCache).Set`, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated `notation` cache directory thanks `os.Rename`. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error. Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation. As a result the signature verification process is aborted as process crashes. This issue has been addressed in version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T21:42:11.493Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/notaryproject/notation-go/security/advisories/GHSA-qjh3-4j3h-vmwp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/notaryproject/notation-go/security/advisories/GHSA-qjh3-4j3h-vmwp"
},
{
"name": "https://github.com/notaryproject/notation-go/commit/3c3302258ad510fbca2f8a73731569d91f07d196",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/notaryproject/notation-go/commit/3c3302258ad510fbca2f8a73731569d91f07d196"
},
{
"name": "https://man7.org/linux/man-pages/man2/rename.2.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://man7.org/linux/man-pages/man2/rename.2.html"
}
],
"source": {
"advisory": "GHSA-qjh3-4j3h-vmwp",
"discovery": "UNKNOWN"
},
"title": "Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51491",
"datePublished": "2025-01-13T21:42:11.493Z",
"dateReserved": "2024-10-28T14:20:59.337Z",
"dateUpdated": "2025-01-14T00:19:12.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55548 (GCVE-0-2024-55548)
Vulnerability from cvelistv5 – Published: 2024-12-10 16:34 – Updated: 2025-11-03 22:32
VLAI
Title
Denial of Service
Summary
Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
Severity
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cyberdanube.com/security-research/st-polt… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:57:16.507922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:57:47.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
}
],
"value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u00a0This issue affects IAP-420: through 2.01e."
}
],
"impacts": [
{
"capecId": "CAPEC-25",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-25: Forced Deadlock"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:34:02.230Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55548",
"datePublished": "2024-12-10T16:34:02.230Z",
"dateReserved": "2024-12-07T13:23:43.005Z",
"dateUpdated": "2025-11-03T22:32:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6468 (GCVE-0-2024-6468)
Vulnerability from cvelistv5 – Published: 2024-07-11 20:40 – Updated: 2024-08-01 21:41
VLAI
Title
Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Summary
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.
While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.
Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.
Severity
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Vault |
Affected:
1.10.0 , < 1.15.11
(semver)
|
|
| HashiCorp | Vault Enterprise |
Affected:
1.10.0 , < 1.15.11
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:14:37.815771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:16:55.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469: HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:40:12.298Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518"
}
],
"source": {
"advisory": "HCSEC-2024-HCSEC-2024-14",
"discovery": "INTERNAL"
},
"title": "Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-6468",
"datePublished": "2024-07-11T20:40:12.298Z",
"dateReserved": "2024-07-03T03:55:06.235Z",
"dateUpdated": "2024-08-01T21:41:03.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9104 (GCVE-0-2024-9104)
Vulnerability from cvelistv5 – Published: 2024-10-16 02:05 – Updated: 2026-04-08 16:48
VLAI
Title
UltimateAI <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check
Summary
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimate_ai_change_pass' function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers.
Severity
5.6 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tophive | Ultimate AI |
Affected:
0 , ≤ 2.8.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:37:02.433318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:37:16.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate AI",
"vendor": "Tophive",
"versions": [
{
"lessThanOrEqual": "2.8.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the \u0027ultimate_ai_change_pass\u0027 function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:48:15.227Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3faf976d-0763-4e47-9bc3-18c791ec4487?source=cve"
},
{
"url": "https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-17T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-10-15T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "UltimateAI \u003c= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9104",
"datePublished": "2024-10-16T02:05:03.342Z",
"dateReserved": "2024-09-23T15:06:54.229Z",
"dateUpdated": "2026-04-08T16:48:15.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11594 (GCVE-0-2025-11594)
Vulnerability from cvelistv5 – Published: 2025-10-11 09:02 – Updated: 2025-10-14 14:09
VLAI
Title
ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input
Summary
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Severity
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.327915 | vdb-entry |
| https://vuldb.com/?ctiid.327915 | signaturepermissions-required |
| https://vuldb.com/?submit.671737 | third-party-advisory |
| https://github.com/Lianhaorui/Report/blob/main/Pa… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ywxbear | PHP-Bookstore-Website-Example |
Affected:
0e0b9f542f7a2d90a8d7f8c83caca69294e234e4
|
|
| ywxbear | PHP Basic BookStore Website |
Affected:
0e0b9f542f7a2d90a8d7f8c83caca69294e234e4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11594",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:25:09.783228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:09:17.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Quantity Handler"
],
"product": "PHP-Bookstore-Website-Example",
"vendor": "ywxbear",
"versions": [
{
"status": "affected",
"version": "0e0b9f542f7a2d90a8d7f8c83caca69294e234e4"
}
]
},
{
"modules": [
"Quantity Handler"
],
"product": "PHP Basic BookStore Website",
"vendor": "ywxbear",
"versions": [
{
"status": "affected",
"version": "0e0b9f542f7a2d90a8d7f8c83caca69294e234e4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lianhaorui (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."
},
{
"lang": "de",
"value": "In ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index.php der Komponente Quantity Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper validation of specified quantity in input-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bei diesem Produkt handelt es sich um ein Rolling Release, das eine fortlaufende Bereitstellung erm\u00f6glicht. Aus diesem Grund stehen keine Versionsinformationen zu betroffenen oder aktualisierten Versionen zur Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-11T09:02:05.497Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327915 | ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.327915"
},
{
"name": "VDB-327915 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327915"
},
{
"name": "Submit #671737 | PHP-Bookstore-Website-Example web 1 Business Logic Errors",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.671737"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-10T14:33:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11594",
"datePublished": "2025-10-11T09:02:05.497Z",
"dateReserved": "2025-10-10T12:28:53.584Z",
"dateUpdated": "2025-10-14T14:09:17.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12890 (GCVE-0-2025-12890)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:40 – Updated: 2025-11-10 20:19
VLAI
Title
Bluetooth: peripheral: Invalid handling of malformed connection request
Summary
Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.
Severity
6.5 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Affected:
* , ≤ 4.1
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T20:18:46.863991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T20:19:47.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.1",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: peripheral: Invalid handling of malformed connection request"
}
],
"value": "Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:40:56.266Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8hrf-pfww-83v9"
}
],
"source": {
"discovery": "Zewen Shang [Asset Research Group](https://asset-group.github.io/)"
},
"title": "Bluetooth: peripheral: Invalid handling of malformed connection request",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-12890",
"datePublished": "2025-11-07T18:40:56.266Z",
"dateReserved": "2025-11-07T17:46:51.345Z",
"dateUpdated": "2025-11-10T20:19:47.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.