CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41973 – Lack of input santization on Zscaler Client Connector enables arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-41973
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. ZSATray pasa el nombre del instalador anterior como parámetro de configuración a TrayManager, y TrayManager construye la ruta y agrega el nombre del instalador anterior para obtener la ruta completa del archivo ejecutable. Versión fija: Win ZApp 4.3.0.121 y posteriores. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47162 – tipc: skb_linearize the head skb when reassembling msgs
https://notcve.org/view.php?id=CVE-2021-47162
In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get'ed) and shared by multiple skbs. However, the new appended frag skb should have been only seen by the current skb. Otherwise, it will cause use after free crashes as this appended frag skb are seen by multiple skbs but it only got skb_get called once. The same thing happens with a skb updated by pskb_may_pull() with a skb_cloned skb. Li Shuang has reported quite a few crashes caused by this when doing testing over macvlan devices: [] kernel BUG at net/core/skbuff.c:1970! [] Call Trace: [] skb_clone+0x4d/0xb0 [] macvlan_broadcast+0xd8/0x160 [macvlan] [] macvlan_process_broadcast+0x148/0x150 [macvlan] [] process_one_work+0x1a7/0x360 [] worker_thread+0x30/0x390 [] kernel BUG at mm/usercopy.c:102! [] Call Trace: [] __check_heap_object+0xd3/0x100 [] __check_object_size+0xff/0x16b [] simple_copy_to_iter+0x1c/0x30 [] __skb_datagram_iter+0x7d/0x310 [] __skb_datagram_iter+0x2a5/0x310 [] skb_copy_datagram_iter+0x3b/0x90 [] tipc_recvmsg+0x14a/0x3a0 [tipc] [] ____sys_recvmsg+0x91/0x150 [] ___sys_recvmsg+0x7b/0xc0 [] kernel BUG at mm/slub.c:305! • https://git.kernel.org/stable/c/45c8b7b175ceb2d542e0fe15247377bf3bce29ec https://git.kernel.org/stable/c/d45ed6c1ff20d3640a31f03816ca2d48fb7d6f22 https://git.kernel.org/stable/c/c19282fd54a19e4651a4e67836cd842082546677 https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f3348 •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30205 – emacs: Org mode considers contents of remote files to be trusted
https://notcve.org/view.php?id=CVE-2024-30205
Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution. • http://www.openwall.com/lists/oss-security/2024/03/25/2 https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877 https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html https://access.redh • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0866 – Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection
https://notcve.org/view.php?id=CVE-2024-0866
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement. El complemento Check & Log Email para WordPress es vulnerable a la inyección de gancho no autenticado en todas las versiones hasta la 1.0.9 incluida a través de la función check_nonce. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28386
https://notcve.org/view.php?id=CVE-2024-28386
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. Un problema en Home-Made.io fastmagsync v.1.7.51 y anteriores permite a un atacante remoto ejecutar código arbitrario a través del componente getPhpBin(). • http://fastmagsync.com http://home-madeio.com https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html https://www.home-made.io/module-fastmag-sync-prestashop • CWE-94: Improper Control of Generation of Code ('Code Injection') •