Security Vulnerabilities - CVEs Published In January 2024
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-01-08
Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-01-08
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-01-08
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score
4.4
EPSS Score
0.002
Published
2024-01-08
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-01-08
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-08
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-01-08
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-01-08
A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.
CVSS Score
5.3
EPSS Score
0.937
Published
2024-01-08
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-01-08