CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Print-O-Matic allows Stored XSS. This issue affects Print-O-Matic: from n/a through 2.1.10. The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross... • https://patchstack.com/database/vulnerability/print-o-matic/wordpress-print-o-matic-plugin-2-1-10-auth-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. • https://jira.o-ran-sc.org/browse/RICAPP-235

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. • https://gerrit.o-ran-sc.org/r/c/ric-plt/e2mgr/+/12629 • CWE-129: Improper Validation of Array Index

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). • https://jira.o-ran-sc.org/browse/RIC-1047 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). • https://jira.o-ran-sc.org/browse/RIC-1047 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.8 • EPSS: 0% • CPEs: 29 • EXPL: 0

15 Feb 2024 — Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. An attacker must first obtain the ... • https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed • CWE-269: Improper Privilege Management

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jan 2024 — A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. • https://note.zhaoj.in/share/nHD5xiHQgHG0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-24: Path Traversal: '../filedir'

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jan 2024 — An issue discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. • https://jira.o-ran-sc.org/browse/RIC-1009 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2023 — O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. • https://jira.o-ran-sc.org/browse/RIC-1001

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Sep 2023 — An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. • https://jira.o-ran-sc.org/browse/RIC-1002