CVE-2024-1287
Published 2024-07-30
Priority P336 · medium · 6.5 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.52% (40.3th percentile)
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost_server_v8 | >= 10.0.0 < 10.0.3 | 10.0.3 |
| github.com | mattermost_mattermost_server_v8 | >= 10.1.0 < 10.1.3 | 10.1.3 |
| github.com | mattermost_mattermost_server_v8 | >= 9.11.0 < 9.11.5 | 9.11.5 |
| github.com | mattermost_mattermost_server_v8 | >= 9.5.0 < 9.5.13 | 9.5.13 |
| juniper | junos_os | — | — |
| juniper | srx_series | — | — |
| moodle | moodle | >= 0 < 4.1.12 | 4.1.12 |
| moodle | moodle | >= 4.2.0-beta < 4.2.9 | 4.2.9 |
| moodle | moodle | >= 4.3.0-beta < 4.3.6 | 4.3.6 |
| moodle | moodle | >= 4.4.0-beta < 4.4.2 | 4.4.2 |
| strangerstudios | paid_memberships_pro | < 1.2.6 | 1.2.6 |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cisa · 9.3 · CRITICAL
vendor_cisco · 8.6 · HIGH
vendor_redhat · 8.6 · HIGH
GHSA
Mattermost Improper Validation of Specified Type of Input vulnerability
ghsa·2024-12-16
CVE-2024-54083 [MEDIUM] CWE-1287
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.
GHSA
Moodle has arbitrary file read risk through pdfTeX
ghsa·2024-11-07
CVE-2024-43426 [MEDIUM] CWE-1287
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
GHSA
GHSA-vcwx-63wp-cqr7: The pmpro-member-directory WordPress plugin before 1
ghsa_unreviewed·2024-07-30
CVE-2024-1287 [MEDIUM] CWE-202
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.
Red Hat
python: Improper validation of IPv6 and IPvFuture addresses
vendor_redhat·2024-11-12·CVSS 6.3
CVE-2024-11168 [MEDIUM] CWE-1287
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.
Package: python3.12 (Red Hat Enterprise Linux 10) - Not affected
Package: python3.11 (Red Hat Enterprise Linux 8)
Cisco
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability
vendor_cisco·2024-10-23·CVSS 7.7
CVE-2024-20408 [HIGH] CWE-1287
A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker would need valid remote access VPN user credentials on the affected device.
This vulnerability is due to improper validation of data in HTTPS POST requests. An attacker could exploit this vulnerability by sending a crafted HTTPS POST request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of
Cisco
Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability
vendor_cisco·2024-10-23·CVSS 8.6
CVE-2024-20494 [HIGH] CWE-1287
A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: This vulnerability can also impact the integrity
Juniper
CVE-2024-47504: An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allo
vendor_juniper·2024-10-11·CVSS 7.5
CVE-2024-47504 [HIGH] CWE-1287
CVE-2024-47504: An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When a non-clustered SRX5000 device receives a specifically malformed packet, this will cause a flowd crash and restart.
This issue affects Junos OS:
* 22.1 releases 22.1R1 and later before 22.2R3-S5,
* 22.3 releases before 22.3R3-S4,
* 22.4 releases before 22.4R3-S4,
* 23.2 releases before 23.2R2-S2,
* 23.4 releases before 23.4R2-S1,
* 24.2 releases before 24.2R1-S1, 24.2R2.
Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this.
CISA
ServiceNow Improper Input Validation Vulnerability
cisa·2024-07-29·CVSS 9.3
CVE-2024-4879 [CRITICAL] CWE-1287
Vulnerability: ServiceNow Improper Input Validation Vulnerability
Affected: ServiceNow Utah, Vancouver, and Washington DC Now Platform
ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154; https://nvd.nist.gov/vuln/detail/CVE-2024-4879
Remediation Due Date: 2024-08-19
Red Hat
python-django: Potential denial-of-service in django.utils.html.urlize()
vendor_redhat·2024-07-26·CVSS 7.5
CVE-2024-38875 [HIGH] CWE-1287
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
A vulnerability was found in the Django framework's urlize and urlizetrunc functions, where an attacker can input a certain string containing a large number of brackets, leading to a potential denial of service when the application attempts to process the excessive input.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Red Hat
python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()
vendor_redhat·2024-07-09·CVSS 7.5
CVE-2024-39614 [HIGH] CWE-1287
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
A vulnerability was found in Python-Django in the get_supported_language_variant() function. The issue is triggered when very long strings containing a specific set of characters are parsed, leading to a potential denial of service attack.
Package: ansible-tower (Red Hat Ansible Automation Platform 1.2) - Will not fix
Package: python-django (Red Hat Certification for Red Hat Enterprise Linux 7) - Will not fix
Package: redhat-certification (Red Hat Certification for
Red Hat
Mozilla: Memory Corruption in Text Fragments
vendor_redhat·2024-06-11·CVSS 8.6
CVE-2024-5696 [HIGH] CWE-1287
By manipulating the text in an ` ` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Juniper
CVE-2024-30395: An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenti
vendor_juniper·2024-04-12·CVSS 7.5
CVE-2024-30395 [HIGH] CWE-1287
CVE-2024-30395: An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.
This issue affects:
Junos OS:
* all versions before 21.2R3-S7,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R1-S2, 23.2R2.
Junos OS Evolved:
* all versions before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.