CVE-2024-1286
published 2024-07-30
CVE-2024-1286: The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users…
Priority P4 · 24 · medium · 4.9 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS 0.56% · 42.7th percentile
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| express | express | >= 0 < 4.19.2 | 4.19.2 |
| express | express | >= 5.0.0-alpha.1 < 5.0.0-beta.3 | 5.0.0-beta.3 |
| github.com | google_nftables | >= 0.1.0 < 0.2.0 | 0.2.0 |
| juniper | ex_series | — | — |
| juniper | junos_os | — | — |
| juniper | mx_series | — | — |
| juniper | qfx_series | — | — |
| juniper | srx_series | — | — |
| msrc | azl3_azcopy_10.22.1-1 | — | — |
| msrc | azl3_azcopy_10.24.0-1 | — | — |
| msrc | azl3_blobfuse2_2.1.0-4 | — | — |
| msrc | azl3_blobfuse2_2.3.0-1 | — | — |
| msrc | azl3_cert-manager_1.11.2-8 | — | — |
| msrc | azl3_cert-manager_1.12.12-1 | — | — |
| msrc | azl3_cf-cli_8.7.3-3 | — | — |
| msrc | azl3_cf-cli_8.7.3-6 | — | — |
| msrc | azl3_cloud-provider-kubevirt_0.5.1-1 | — | — |
| msrc | azl3_containerd_1.7.13-5 | — | — |
| msrc | azl3_containerd_1.7.13-8 | — | — |
| msrc | azl3_containerized-data-importer_1.57.0-14 | — | — |
| msrc | azl3_containerized-data-importer_1.57.0-6 | — | — |
| msrc | azl3_coredns_1.11.1-3 | — | — |
| msrc | azl3_coredns_1.11.1-4 | — | — |
| msrc | azl3_cri-tools_1.29.0-1 | — | — |
| msrc | azl3_cri-tools_1.30.1-1 | — | — |
CVSS provenance
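| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |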
GHSA
Eclipse Jetty URI parsing of invalid authority
ghsa·2024-10-14
CVE-2024-6763 [MEDIUM] CWE-1286 Eclipse Jetty URI parsing of invalid authority
## Summary
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, `HttpURI`, for URI/URL parsing.
The `HttpURI` class does insufficient validation on the authority segment of a URI. However, the behaviour of `HttpURI` differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, `HttpURI` and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
## Details
### Affected components
The vulnerable component
GHSA
Denial of Service in TYPO3 Bookmark Toolbar
ghsa·2024-10-08
CVE-2024-34537 [LOW] CWE-1286 Denial of Service in TYPO3 Bookmark Toolbar
### Problem
Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.
### Solution
Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.
### Credits
Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue.
### References
* [TYPO3-CORE-SA-2024-011](https://typo3.org/security/advisory/typo3-core-sa-2024-001)
GHSA
GHSA-6r36-crx2-h5cg: The pmpro-membership-maps WordPress plugin before 0
ghsa_unreviewed·2024-07-30
CVE-2024-1286 [MEDIUM] GHSA-6r36-crx2-h5cg: The pmpro-membership-maps WordPress plugin before 0
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.
GHSA
github.com/google/nftable IP addresses were encoded in the wrong byte order
ghsa·2024-07-04
CVE-2024-6284 [MEDIUM] CWE-1286 github.com/google/nftable IP addresses were encoded in the wrong byte order
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0
GHSA
Express.js Open Redirect in malformed URLs
ghsa·2024-03-25
CVE-2024-29041 [MEDIUM] CWE-1286 Express.js Open Redirect in malformed URLs
### Impact
Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.
When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.
The main method impacted is `res.location()` but this is also called from within `res.redirect()`.
### Patches
https://github.com/expressjs/expr
Red Hat
kernel: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
vendor_redhat·2024-12-27·CVSS 5.5
CVE-2024-56586 [MEDIUM] kernel: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
creating a large files during checkpoint disable until it runs out of
space and then delete it, then remount to enable checkpoint again, and
then unmount the filesystem triggers the f2fs_bug_on as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:896!
CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360
Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:f2fs_evict_inode+0x58c/0x610
Call Trace:
__die_body+0x15/0x60
die+0x33/0x50
do_trap+0x10a/0x120
f2fs_evict_inode+0x58c/0x610
do_error_trap+0x60/0x80
f2fs_evict_inode+0x
Red Hat
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
vendor_redhat·2024-10-14·CVSS 3.7
CVE-2024-6763 [LOW] CWE-1286 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing.
The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
A flaw was found in Jetty. The HttpURI class performs
Red Hat
php: Erroneous parsing of multipart form data
vendor_redhat·2024-10-07·CVSS 3.1
CVE-2024-8925 [LOW] CWE-1286 php: Erroneous parsing of multipart form data
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could allow a malicious attacker who controls part of the submitted data to exclude a portion of other data, potentially leading to erroneous application behavior.
A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such that 5Kib < |X| < |B| < 8Kib, the logic responsible for parsing and s
Red Hat
json-lib: Mishandling of an unbalanced comment string in json-lib
vendor_redhat·2024-10-04·CVSS 5.3
CVE-2024-47855 [MEDIUM] CWE-1286 json-lib: Mishandling of an unbalanced comment string in json-lib
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: org.elasticsearch.plugin.prometheus-prometheus-exporter (Logging Subsystem for Red Hat OpenShift) - Fix deferred
Package: net.sf.json-lib/json-lib (Red Hat Data Grid 8) - Will not fix
Package: net.sf.json-lib/json-lib (Red Hat Fuse 7) - Out of support
Juniper
CVE-2024-39542: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series
vendor_juniper·2024-07-11·CVSS 7.5
CVE-2024-39542 [HIGH] CWE-1286 CVE-2024-39542: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series
CVE-2024-39542: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).
This issue can occur in two scenarios:
1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)
2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio pro
Juniper
CVE-2024-21598: An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS
vendor_juniper·2024-04-12·CVSS 7.5
CVE-2024-21598 [HIGH] CWE-1286 CVE-2024-21598: An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS
CVE-2024-21598: An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.
This issue affects Juniper Networks
Junos OS:
* 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions
Microsoft
Infinite loop in JSON unmarshaling in google.golang.org/protobuf
vendor_msrc·2024-03-12·CVSS 7.5
CVE-2024-24786 [HIGH] CWE-1286 Infinite loop in JSON unmarshaling in google.golang.org/protobuf
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://le
Juniper
CVE-2024-21616: An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unaut
vendor_juniper·2024-01-12·CVSS 7.5
CVE-2024-21616 [HIGH] CWE-1286 CVE-2024-21616: An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unaut
CVE-2024-21616: An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command.
user@srx> show security nat resource-usage source-pool
Pool name: source_pool_name
..
Address    Factor-index  Port-range    Used   Avail  Total  Usage
X.X.X.X    0             Single Ports  50258  52342  62464  96%  <<<<<
- A
Juniper
CVE-2024-21595: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a ne
vendor_juniper·2024-01-12·CVSS 7.5
CVE-2024-21595 [HIGH] CWE-1286 CVE-2024-21595: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a ne
CVE-2024-21595: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.
This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.
This issue affects:
Juniper Networks Junos OS
* 21.4R3 versions earlier than 21.4R3-S4;
* 22.1R3 versions earlier than 22.1R3-S3;
* 22.2R2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2024-07-30