CISA Bulletins - Vulnerability Summary for the Week of July 15, 2024

system · July 22, 2024, 1:12pm

High Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source Info[/TH] [TH]Patch Info[/TH] [/TR] [TR] [TD][LEFT]1Panel-dev--1Panel [/LEFT][/TD] [TD][LEFT]1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][10]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39911&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-39911]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39911')[/TD] [TD][[email protected]]('https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html') [[email protected]]('https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5') [/TD] [/TR] [TR] [TD][LEFT]1Panel-dev--1Panel [/LEFT][/TD] [TD][LEFT]1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39907&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-39907]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39907')[/TD] [TD][[email protected]]('https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6') [/TD] [/TR] [TR] [TD][LEFT]a3rev Software--WooCommerce Predictive Search [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in a3rev Software WooCommerce Predictive Search allows Reflected XSS.This issue affects WooCommerce Predictive Search: from n/a through 6.0.1.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-38669&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-38669]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-38669')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/woocommerce-predictive-search/wordpress-predictive-search-for-woocommerce-plugin-6-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]abb -- mint_workbench [/LEFT][/TD] [TD][LEFT]Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-5402&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-5402]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-5402')[/TD] [TD][[email protected]]('https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch') [/TD] [/TR] [TR] [TD][LEFT]apache -- airflow [/LEFT][/TD] [TD][LEFT]Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39877&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-39877]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39877')[/TD] [TD][[email protected]]('https://github.com/apache/airflow/pull/40522') [[email protected]]('https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1') [/TD] [/TR] [TR] [TD][LEFT]apache -- cxf [/LEFT][/TD] [TD][LEFT]An improper input validation of theÂ p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9Â allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.Â [/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-32007&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2024-32007]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-32007')[/TD] [TD][[email protected]]('https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633') [/TD] [/TR] [TR] [TD][LEFT]apache -- linkis [/LEFT][/TD] [TD][LEFT]In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.Â We recommend that users upgrade the java version to >= 1.8.0_241. Or users upgrade Linkis to version 1.6.0.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46801&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46801]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46801')[/TD] [TD][[email protected]]('https://lists.apache.org/thread/0dnzh64xy1n7qo3rgo2loz9zn7m9xgdx') [/TD] [/TR] [TR] [TD][LEFT]apache -- linkis [/LEFT][/TD] [TD][LEFT]In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will resultÂ in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted.Â This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <=1.5.0 will be affected. We recommend users upgrade the version of Linkis to version 1.6.0.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-49566&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-49566]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-49566')[/TD] [TD][[email protected]]('https://lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj') [/TD] [/TR] [TR] [TD][LEFT]Appmaker--Appmaker Convert WooCommerce to Android & iOS Native Mobile Apps [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker - Convert WooCommerce to Android & iOS Native Mobile Apps allows Reflected XSS.This issue affects Appmaker - Convert WooCommerce to Android & iOS Native Mobile Apps: from n/a through 1.36.12.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-38680&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-38680]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-38680')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/appmaker-woocommerce-mobile-app-manager/wordpress-appmaker-plugin-1-36-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]baramundi--Management Agent [/LEFT][/TD] [TD][LEFT]Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6689&vector=CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6689]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6689')[/TD] [TD][a341c0d1-ebf7-493f-a84e-38cf86618674]('https://www.baramundi.com/en-us/security-info/s-2024-01/') [/TD] [/TR] [TR] [TD][LEFT]BishopFox--sliver [/LEFT][/TD] [TD][LEFT]Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server." An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet be addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Silver in production.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][7.2]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-41111&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-41111]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-41111')[/TD] [TD][[email protected]]('https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57') [[email protected]]('https://github.com/BishopFox/sliver/issues/65') [[email protected]]('https://github.com/BishopFox/sliver/pull/1281') [[email protected]]('https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8') [[email protected]]('https://sliver.sh/docs?name=Multi-player+Mode') [/TD] [/TR] [TR] [TD][LEFT]brizy -- brizy-page_builder [/LEFT][/TD] [TD][LEFT]The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3242&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3242]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3242')[/TD] [TD][[email protected]]('https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L264') [[email protected]]('https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L547') [[email protected]]('https://plugins.trac.wordpress.org/changeset/3086506/brizy/trunk/editor/zip/archiver.php') [[email protected]]('https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk') [[email protected]]('https://www.wordfence.com/threat-intel/vulnerabilities/id/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve') [/TD] [/TR] [TR] [TD][LEFT]cellopoint -- secure_email_gateway [/LEFT][/TD] [TD][LEFT]The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6744&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6744]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6744')[/TD] [TD][[email protected]]('https://www.twcert.org.tw/en/cp-139-7937-acbb5-2.html') [[email protected]]('https://www.twcert.org.tw/tw/cp-132-7936-f6381-1.html') [/TD] [/TR] [TR] [TD][LEFT]cifi--SEO Plugin by Squirrly SEO [/LEFT][/TD] [TD][LEFT]The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6497&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6497]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6497')[/TD] [TD][[email protected]]('https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Api.php#L267') [[email protected]]('https://plugins.trac.wordpress.org/changeset/3121853/') [[email protected]]('https://wordpress.org/plugins/squirrly-seo/#developers') [[email protected]]('https://www.wordfence.com/threat-intel/vulnerabilities/id/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=cve') [/TD] [/TR] [TR] [TD][LEFT]Cisco--Cisco Intelligent Node Manager [/LEFT][/TD] [TD][LEFT]A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-20323&vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N')[/CENTER][/TD] [TD][CVE-2024-20323]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-20323')[/TD] [TD][[email protected]]('https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn') [/TD] [/TR] [TR] [TD][LEFT]Cisco--Cisco Secure Email [/LEFT][/TD] [TD][LEFT]A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-20401&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-20401]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-20401')[/TD] [TD][[email protected]]('https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH') [/TD] [/TR] [TR] [TD][LEFT]Cisco--Cisco Secure Web Appliance [/LEFT][/TD] [TD][LEFT]A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-20435&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-20435]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-20435')[/TD] [TD][[email protected]]('https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC') [/TD] [/TR] [TR] [TD][LEFT]Cisco--Cisco Smart Software Manager On-Prem [/LEFT][/TD] [TD][LEFT]A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][10]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-20419&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-20419]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-20419')[/TD] [TD][[email protected]]('https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy') [/TD] [/TR] [TR] [TD][LEFT]code-projects -- simple_task_list [/LEFT][/TD] [TD][LEFT]A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6808&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6808]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6808')[/TD] [TD][[email protected]]('https://github.com/qianqiusujiu/cve/issues/1') [[email protected]]('https://vuldb.com/?ctiid.271707') [[email protected]]('https://vuldb.com/?id.271707') [[email protected]]('https://vuldb.com/?submit.375154') [/TD] [/TR] [TR] [TD][LEFT]code-projects -- simple_ticket_booking [/LEFT][/TD] [TD][LEFT]A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6745&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6745]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6745')[/TD] [TD][[email protected]]('https://github.com/xzyxiaohaha/cve/issues/2') [[email protected]]('https://vuldb.com/?ctiid.271476') [[email protected]]('https://vuldb.com/?id.271476') [[email protected]]('https://vuldb.com/?submit.374770') [/TD] [/TR] [TR] [TD][LEFT]codoc.jp--codoc [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-37961&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-37961]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-37961')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/codoc/wordpress-codoc-plugin-0-9-51-12-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]computer_laboratory_management_system_project -- computer_laboratory_management_system [/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6802&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6802]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6802')[/TD] [TD][[email protected]]('https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6802') [[email protected]]('https://vuldb.com/?ctiid.271704') [[email protected]]('https://vuldb.com/?id.271704') [[email protected]]('https://vuldb.com/?submit.374797') [/TD] [/TR] [TR] [TD][LEFT]document_management_system_project -- document_management_system [/LEFT][/TD] [TD][LEFT]A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271705 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6803&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6803]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6803')[/TD] [TD][[email protected]]('https://github.com/hzy11111111/cve/issues/3') [[email protected]]('https://vuldb.com/?ctiid.271705') [[email protected]]('https://vuldb.com/?id.271705') [[email protected]]('https://vuldb.com/?submit.374809') [/TD] [/TR] [TR] [TD][LEFT]easyspider -- easyspider [/LEFT][/TD] [TD][LEFT]A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet".[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6746&vector=CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6746]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6746')[/TD] [TD][[email protected]]('https://github.com/NaiboWang/EasySpider/issues/466') [[email protected]]('https://vuldb.com/?ctiid.271477') [[email protected]]('https://vuldb.com/?id.271477') [[email protected]]('https://vuldb.com/?submit.371998') [/TD] [/TR] [TR] [TD][LEFT]Eclipse Foundation--Parsson [/LEFT][/TD] [TD][LEFT]In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][8.6]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-7272&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-7272]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-7272')[/TD] [TD][[email protected]]('https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12') [/TD] [/TR] [TR] [TD][LEFT]elearningfreak -- insert_or_embed_articulate_content [/LEFT][/TD] [TD][LEFT]The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-5630&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-5630]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-5630')[/TD] [TD][[email protected]]('https://wpscan.com/vulnerability/538c875f-4c20-4be0-8098-5bddb7aecff4/') [/TD] [/TR] [TR] [TD][LEFT]electronic_official_document_management_system_project -- electronic_official_document_management_system [/LEFT][/TD] [TD][LEFT]The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6737&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6737]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6737')[/TD] [TD][[email protected]]('https://www.twcert.org.tw/en/cp-139-7924-85606-2.html') [[email protected]]('https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html') [/TD] [/TR] [TR] [TD][LEFT]foliovision -- fv_flowplayer_video_player [/LEFT][/TD] [TD][LEFT]The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the 'exclude' parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.[/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6338&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6338]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6338')[/TD] [TD][[email protected]]('https://plugins.trac.wordpress.org/browser/fv-wordpress-flowplayer/trunk/models/video-encoder/class.fv-player-encoder-list-table.php#L308') [[email protected]]('https://plugins.trac.wordpress.org/changeset/3121532/') [[email protected]]('https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers') [[email protected]]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d4185a0e-d944-408f-8a43-8f9c6bc3964d?source=cve') [/TD] [/TR] [TR] [TD][LEFT]getdbt -- dbt_core [/LEFT][/TD] [TD][LEFT]dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also means that a malicious package could potentially override these components with harmful code. This issue has been fixed in versions 1.8.0, 1.6.14 and 1.7.14. Users are advised to upgrade. There are no kn own workarounds for this vulnerability. Users updating to either 1.6.14 or 1.7.14 will need to set [ICODE]flags.require_explicit_package_overrides_for_builtin_materializations: False[/ICODE] in their configuration in [ICODE]dbt_project.yml[/ICODE].[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-40637&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-40637]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-40637')[/TD] [TD][[email protected]]('https://docs.getdbt.com/docs/build/packages') [[email protected]]('https://docs.getdbt.com/reference/global-configs/legacy-behaviors#behavior-change-flags') [[email protected]]('https://github.com/dbt-labs/dbt-core/commit/3c82a0296d227cb1be295356df314c11716f4ff6') [[email protected]]('https://github.com/dbt-labs/dbt-core/commit/87ac4deb00cc9fe334706e42a365903a1d581624') [[email protected]]('https://github.com/dbt-labs/dbt-core/security/advisories/GHSA-p3f3-5ccg-83xq') [[email protected]]('https://tempered.works/posts/2024/07/06/preventing-data-theft-with-gcp-service-controls') [[email protected]]('https://www.elementary-data.com/post/are-dbt-packages-secure-the-answer-lies-in-your-dwh-policies') [[email protected]]('https://www.equalexperts.com/blog/tech-focus/are-you-at-risk-from-this-critical-dbt-vulnerability') [/TD] [/TR] [TR] [TD][LEFT]GitHub--GitHub Enterprise Server [/LEFT][/TD] [TD][LEFT]A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][7.7]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-5795&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2024-5795]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-5795')[/TD] [TD][[email protected]]('https://docs.github.com/en/[email protected]/admin/release-notes#3.10.14') [[email protected]]('https://docs.github.com/en/[email protected]/admin/release-notes#3.11.12') [[email protected]]('https://docs.github.com/en/[email protected]/admin/release-notes#3.12.6') [[email protected]]('https://docs.github.com/en/[email protected]/admin/release-notes#3.13.1') [[email protected]]('https://docs.github.com/en/[email protected]/admin/release-notes#3.9.17') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3168&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3168]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3168')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html') [[email protected]]('https://issues.chromium.org/issues/323813642') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3169&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3169]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3169')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html') [[email protected]]('https://issues.chromium.org/issues/41491234') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3170&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3170]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3170')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html') [[email protected]]('https://issues.chromium.org/issues/41488824') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3171&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3171]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3171')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html') [[email protected]]('https://issues.chromium.org/issues/41483350') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3172&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3172]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3172')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html') [[email protected]]('https://issues.chromium.org/issues/40942152') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3173&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3173]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3173')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html') [[email protected]]('https://issues.chromium.org/issues/40075849') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3174&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3174]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3174')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html') [[email protected]]('https://issues.chromium.org/issues/40073339') [/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-3176&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-3176]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-3176')[/TD] [TD][[email protected]]('https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html') [[email protected]]('https://issues.chromium.org/issues/40061476') [/TD] [/TR] [TR] [TD][LEFT]havenweb--haven [/LEFT][/TD] [TD][LEFT]A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads to the immediate execution of the provided commands when the link is accessed by the authenticated administrator. This issue may lead to Remote Code Execution (RCE) and has been addressed by commit [ICODE]c52f07c[/ICODE]. Users are advised to upgrade. There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][8.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39906&vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-39906]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39906')[/TD] [TD][[email protected]]('https://github.com/havenweb/haven/commit/c52f07c') [[email protected]]('https://github.com/havenweb/haven/security/advisories/GHSA-65cm-7g24-hm9f') [/TD] [/TR] [TR] [TD][LEFT]Hewlett Packard Enterprise (HPE)--HPE 3PAR Service Processor [/LEFT][/TD] [TD][LEFT]The vulnerability could be remotely exploited to bypass authentication.[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-22442&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-22442]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-22442')[/TD] [TD][[email protected]]('https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us&docLocale=en_US') [/TD] [/TR] [TR] [TD][LEFT]ibm -- datacap [/LEFT][/TD] [TD][LEFT]IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39736&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-39736]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39736')[/TD] [TD][[email protected]]('https://exchange.xforce.ibmcloud.com/vulnerabilities/296003') [[email protected]]('https://www.ibm.com/support/pages/node/7160185') [/TD] [/TR] [TR] [TD][LEFT]ibm -- datacap [/LEFT][/TD] [TD][LEFT]IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39731&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2024-39731]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39731')[/TD] [TD][[email protected]]('https://exchange.xforce.ibmcloud.com/vulnerabilities/295970') [[email protected]]('https://www.ibm.com/support/pages/node/7160185') [/TD] [/TR] [TR] [TD][LEFT]IBM--Engineering Requirements Management DOORS [/LEFT][/TD] [TD][LEFT]IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-50304&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L')[/CENTER][/TD] [TD][CVE-2023-50304]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-50304')[/TD] [TD][[email protected]]('https://exchange.xforce.ibmcloud.com/vulnerabilities/273335') [[email protected]]('https://www.ibm.com/support/pages/node/7160471') [/TD] [/TR] [TR] [TD][LEFT]iThemelandCo--WooCommerce Report [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-38683&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-38683]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-38683')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/ithemelandco-woo-report/wordpress-woocommerce-report-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]jkev -- record_managment_system [/LEFT][/TD] [TD][LEFT]A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271925 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6900&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6900]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6900')[/TD] [TD][[email protected]]('https://github.com/netmanzhang/VUL/blob/main/Record-Management-System-03.md') [[email protected]]('https://vuldb.com/?ctiid.271925') [[email protected]]('https://vuldb.com/?id.271925') [[email protected]]('https://vuldb.com/?submit.375193') [/TD] [/TR] [TR] [TD][LEFT]jkev -- record_managment_system [/LEFT][/TD] [TD][LEFT]A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Affected is an unknown function of the file entry.php. The manipulation of the argument school leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271926 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6901&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6901]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6901')[/TD] [TD][[email protected]]('https://github.com/netmanzhang/VUL/blob/main/Record-Management-System-04.md') [[email protected]]('https://vuldb.com/?ctiid.271926') [[email protected]]('https://vuldb.com/?id.271926') [[email protected]]('https://vuldb.com/?submit.375194') [/TD] [/TR] [TR] [TD][LEFT]jkev -- record_managment_system [/LEFT][/TD] [TD][LEFT]A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file sort_user.php. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271927.[/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6902&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6902]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6902')[/TD] [TD][[email protected]]('https://github.com/netmanzhang/VUL/blob/main/Record-Management-System-05.md') [[email protected]]('https://vuldb.com/?ctiid.271927') [[email protected]]('https://vuldb.com/?id.271927') [[email protected]]('https://vuldb.com/?submit.375195') [/TD] [/TR] [TR] [TD][LEFT]jkev -- record_managment_system [/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271928.[/LEFT][/TD] [TD][CENTER]2024-07-19[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6903&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6903]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6903')[/TD] [TD][[email protected]]('https://github.com/netmanzhang/VUL/blob/main/Record-Management-System-06.md') [[email protected]]('https://vuldb.com/?ctiid.271928') [[email protected]]('https://vuldb.com/?id.271928') [[email protected]]('https://vuldb.com/?submit.375206') [/TD] [/TR] [TR] [TD][LEFT]Johnson Controls--Software House CCURE 9000 Installer [/LEFT][/TD] [TD][LEFT]Under certain circumstances the Software House C?CURE 9000 Site Server provides insufficient protection of directories containing executables.[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-32861&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-32861]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-32861')[/TD] [TD][[email protected]]('https://www.cisa.gov/news-events/ics-advisories/ICSA-24-191-05') [[email protected]]('https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories') [/TD] [/TR] [TR] [TD][LEFT]jumpserver--jumpserver [/LEFT][/TD] [TD][LEFT]JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There is no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][10]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-40628&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-40628]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-40628')[/TD] [TD][[email protected]]('https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9') [/TD] [/TR] [TR] [TD][LEFT]jumpserver--jumpserver [/LEFT][/TD] [TD][LEFT]JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2024-07-18[/CENTER][/TD] [TD][CENTER][10]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-40629&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-40629]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-40629')[/TD] [TD][[email protected]]('https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v') [/TD] [/TR] [TR] [TD][LEFT]jupyterlab--extension-template [/LEFT][/TD] [TD][LEFT]JupyterLab extension template is a [ICODE]copier[/ICODE] template for JupyterLab extensions. Repositories created using this template with [ICODE]test[/ICODE] option include [ICODE]update-integration-tests.yml[/ICODE] workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to [ICODE]update-integration-tests.yml[/ICODE], accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the [ICODE]main[/ICODE] branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration.[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][9.9]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-39700&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-39700]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-39700')[/TD] [TD][[email protected]]('https://github.com/jupyterlab/extension-template/commit/035e78c1c65bcedee97c95bb683abe59c96bc4e6') [[email protected]]('https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg') [/TD] [/TR] [TR] [TD][LEFT]keydatas -- keydatas [/LEFT][/TD] [TD][LEFT]The ????? (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.[/LEFT][/TD] [TD][CENTER]2024-07-17[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-6220&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-6220]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-6220')[/TD] [TD][[email protected]]('https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php') [[email protected]]('https://www.wordfence.com/threat-intel/vulnerabilities/id/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cve') [/TD] [/TR] [TR] [TD][LEFT]langchain -- langchain-experimental [/LEFT][/TD] [TD][LEFT]Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain. [B]Notes:[/B] Impact on the Confidentiality, Integrity and Availability of the vulnerable component: Confidentiality: Code execution happens within the impacted component, in this case langchain-experimental, so all resources are necessarily accessible. Integrity: There is nothing protected by the impacted component inherently. Although anything returned from the component counts as 'information' for which the trustworthiness can be compromised. Availability: The loss of availability isn't caused by the attack itself, but it happens as a result during the attacker's post-exploitation steps. Impact on the Confidentiality, Integrity and Availability of the subsequent system: As a legitimate low-privileged user of the package (PR:L) the attacker does not have more access to data owned by the package as a result of this vulnerability than they did with normal usage (e.g. can query the DB). The unintended action that one can perform by breaking out of the app environment and exfiltrating files, making remote connections etc. happens during the post exploitation phase in the subsequent system - in this case, the OS. AT:P: An attacker needs to be able to influence the input prompt, whilst the server is configured with the VectorSQLDatabaseChain plugin.[/LEFT][/TD] [TD][CENTER]2024-07-15[/CENTER][/TD] [TD][CENTER][8.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-21513&vector=CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2024-21513]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-21513')[/TD] [TD][[email protected]]('https://github.com/langchain-ai/langchain/blob/672907bbbb7c38bf19787b78e4ffd7c8a9026fe4/libs/experimental/langchain_experimental/sql/vector_sql.py%23L81') [[email protected]]('https://github.com/langchain-ai/langchain/commit/7b13292e3544b2f5f2bfb8a27a062ea2b0c34561') [[email protected]]('https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAINEXPERIMENTAL-7278171') [/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel [/LEFT][/TD] [TD][LEFT]In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at drivers/usb/core/urb.c:412 usb_submit_urb+0x13a5/0x1970 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 3813 Comm: syz-executor122 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0 ... Call Trace: usb_start_wait_urb+0x113/0x530 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x2a5/0x4b0 drivers/usb/core/message.c:153 usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1947 [inline] The problem is that usbtmc_ioctl_request() uses usb_rcvctrlpipe() for all of its transfers, whether they are in or out. It's easy to fix.[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-48834&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2022-48834]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-48834')[/TD] [TD][416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/10a805334a11acd547602d6c4cf540a0f6ab5c6e') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/5f6a2d63c68c12cf61259df7c3527a0e05dce952') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/700a0715854c1e79a73341724ce4f5bb01abc016') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/c69aef9db878ab277068a8cc1b4bf0cf309dc2b7') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/e9b667a82cdcfe21d590344447d65daed52b353b') [/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel [/LEFT][/TD] [TD][LEFT]In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.[/LEFT][/TD] [TD][CENTER]2024-07-16[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-48837&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2022-48837]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-48837')[/TD] [TD][416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90') [416baaa9-dc9f-4396-8d5f-8c081fb06d67]('https://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0') [/TD] [/TR] [TR] [TD][LEFT]marcelotorres--Simple Responsive Slider [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-37954&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-37954]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-37954')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/simple-responsive-slider/wordpress-simple-responsive-slider-plugin-0-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]MBE Worldwide S.p.A.--MBE eShip [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS.This issue affects MBE eShip: from n/a through 2.1.2.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-37953&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-37953]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-37953')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/mail-boxes-etc/wordpress-mbe-eship-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]Moloni--Moloni [/LEFT][/TD] [TD][LEFT]Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Moloni allows Reflected XSS.This issue affects Moloni: from n/a through 4.7.4.[/LEFT][/TD] [TD][CENTER]2024-07-20[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-38694&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2024-38694]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2024-38694')[/TD] [TD][[email protected]]('https://patchstack.com/database/vulnerability/moloni/wordpress-moloni-plugin-4-7-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve') [/TD] [/TR] [TR] [TD][LEFT]n/a--github.com/gotenberg/gotenberg/v8/pkg/gotenberg [/LEFT][/TD] [TD][LEFT]Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as