VulDB Recent Entries

A vulnerability has been found in Red Hat Discovery, Storage and Update Infrastructure for Cloud Providers and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Ansible Vault File Handler. The manipulation leads to sensitive information in log files. This vulnerability is known as CVE-2024-8775. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, was found in Best Free Law Office Management Software 1.0. Affected is an unknown function of the file kortex_lite/control/register_case.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-44430. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WP Booking System Plugin up to 2.0.19.8 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-8797. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Lenovo 10w Laptop BIOS, L390 Laptops BIOS and L390 Yoga Laptops BIOS. This vulnerability affects unknown code of the component UEFI Shell. The manipulation leads to active debug code. This vulnerability was named CVE-2024-7756. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Lenovo 100w Gen 3 Laptop BIOS, 100w Gen 4 Laptop BIOS, 13w Yoga Laptop BIOS, 13w Yoga Gen 2 (Type 82YR, 82YS) Laptop BIOS, 14W Gen 2 Laptop BIOS, 300w Gen 3 Laptop BIOS, 300w Yoga Gen 4 Laptop BIOS, 500w Yoga Gen 4 Laptop BIOS, Flex 5-14ITL05 Laptop (ideapad) BIOS, Flex 5-15ITL05 Laptop (ideapad) BIOS, IdeaPad 1 14ALC7 Laptop BIOS, IdeaPad 1 15ALC7 Laptop BIOS, IdeaPad 1-11IGL05 Laptop BIOS, IdeaPad 1-14IGL05 Laptop BIOS, IdeaPad 3 14ABA7 Laptop BIOS, IdeaPad 3 15ABA7 Laptop BIOS, IdeaPad 3 17ABA7 Laptop BIOS, IdeaPad 3-14ALC6 Laptop BIOS, IdeaPad 3-15ALC6 Laptop BIOS, IdeaPad 3-17ALC6 Laptop BIOS, ideapad 5-15ALC05 Laptop BIOS, IdeaPad Flex 5 14ABR8 BIOS, IdeaPad Flex 5 14ALC7 Laptop BIOS, IdeaPad Flex 5 14IAU7 Laptop BIOS, IdeaPad Flex 5 14IRU8 BIOS, IdeaPad Flex 5 16ABR8 BIOS, IdeaPad Flex 5 16ALC7 BIOS, IdeaPad Flex 5 16IAU7 BIOS, IdeaPad Flex 5 16IRU8 BIOS, IdeaPad Slim 3 14ABR8 BIOS, IdeaPad Slim 3 14AMN8 BIOS, IdeaPad Slim 3 15ABR8 BIOS, IdeaPad Slim 3 15AMN8 BIOS, IdeaPad Slim 3 16ABR8 BIOS, IdeaPad Slim 5 Light 14ABR8 BIOS, K14 G2 IRU BIOS, Flex 7 14IAU7 BIOS, Flex 7 14IRU8 BIOS, V14 G3 ABA Laptop BIOS, V14 G4 ABP BIOS, V14 G4 AMN BIOS, V15 G3 ABA Laptop BIOS, V15 G4 ABP BIOS, V15 G4 AMN BIOS, ThinkBook 13s G4 ARB BIOS, ThinkBook 13s G4 IAP BIOS, ThinkBook 13x G2 IAP Laptop BIOS, ThinkBook 14 G6 ABP BIOS, ThinkBook 14 G6 IRL BIOS, ThinkBook 16 G6 ABP BIOS, ThinkBook 16 G6 IRL BIOS, V14 G2-ALC Laptop BIOS, V15 G2-ALC Laptop BIOS, Yoga Slim 7 Pro-14ACH5 Laptop BIOS and Yoga Slim 7 Pro-14ACH5 O Laptop BIOS. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-3100. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC and MX3330-. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IPMI Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is handled as CVE-2024-8059. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lenovo XClarity Administrator up to 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web API Call. The manipulation leads to improper ownership management. This vulnerability is known as CVE-2024-45104. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lenovo XClarity Administrator up to 4.0. It has been classified as problematic. Affected is an unknown function of the component Web Interface. The manipulation leads to improper ownership management. This vulnerability is traded as CVE-2024-45103. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Bitwarden Vaultwarden 1.30.3 and classified as problematic. This issue affects some unknown processing of the component Content Security Policy Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-39926. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Lenovo P360 Workstation BIOS, ST50 BIOS, ST50 V2 BIOS, ST58 BIOS and ST58 V2 BIOS and classified as critical. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-4550. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as critical, was found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC and MX3330-. This affects an unknown part of the component System Management Mode. The manipulation leads to expired pointer dereference. This vulnerability is uniquely identified as CVE-2024-45105. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC and MX3330-. Affected by this issue is some unknown functionality of the component XCC SSH Captive Shell. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-8281. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC, MX3330-H Hybrid Appliance XCC, MX3331-F All-flash Certified node XCC, MX3331-H Hybrid Certified node XCC, MX3530 F All flash Appliance XCC, MX3530-H Hybrid Appliance XCC, MX3531 H Hybrid Certified node XCC, MX3531-F All-flash Certified node XCC, P920 Rack Workstation XCC, SD530 XCC, SD530 V3 XCC, SD550 V3 XCC, SD630 V2 XCC, SD650 DWC Dual Node Tray XCC, SD650 V2 XCC, SD650 V3 XCC, SD650-N V2 XCC, SD665 V3 XCC, SE350 XCC, SE350 V2 XCC, SE360 V2 XCC, SE450 XCC, SE455 V3 XCC, SN550 XCC, SN550 V2 XCC, SN850 XCC, SR150 XCC, SR158 XCC, SR250 XCC, SR250 V2 XCC and SR250 V3 XC. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-8280. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC, MX3330-H Hybrid Appliance XCC, MX3331-F All-flash Certified node XCC, MX3331-H Hybrid Certified node XCC, MX3530 F All flash Appliance XCC, MX3530-H Hybrid Appliance XCC, MX3531 H Hybrid Certified node XCC, MX3531-F All-flash Certified node XCC, P920 Rack Workstation XCC, SD530 XCC, SD530 V3 XCC, SD550 V3 XCC, SD630 V2 XCC, SD650 DWC Dual Node Tray XCC, SD650 V2 XCC, SD650 V3 XCC, SD650-N V2 XCC, SD665 V3 XCC, SE350 XCC, SE350 V2 XCC, SE360 V2 XCC, SE450 XCC, SE455 V3 XCC, SN550 XCC, SN550 V2 XCC, SN850 XCC, SR150 XCC, SR158 XCC, SR250 XCC, SR250 V2 XCC and SR250 V3 XC. Affected is an unknown function of the component File Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-8279. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC, MX3330-H Hybrid Appliance XCC, MX3331-F All-flash Certified node XCC, MX3331-H Hybrid Certified node XCC, MX3530 F All flash Appliance XCC, MX3530-H Hybrid Appliance XCC, MX3531 H Hybrid Certified node XCC, MX3531-F All-flash Certified node XCC, P920 Rack Workstation (ThinkStation) XCC, SD530 XCC, SD530 V3 XCC, SD550 V3 XCC, SD630 V2 XCC, SD650 DWC Dual Node Tray XCC, SD650 V2 XCC, SD650 V3 XCC, SD650-N V2 XCC, SD665 V3 XCC, SE350 XCC, SE350 V2 XCC, SE360 V2 XCC, SE450 XCC, SE455 V3 XCC, SN550 XCC, SN550 V2 XCC, SN850 XCC, SR150 XCC, SR158 XCC, SR250 XCC, SR250 V2 XCC and SR250 V3 XC. It has been rated as critical. This issue affects some unknown processing of the component IPMI Command Handler. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2024-8278. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vaultwarden 1.30.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2024-39925. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Lenovo XClarity Administrator up to 4.0. It has been classified as problematic. This affects an unknown part of the component URL Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2024-45101. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vaultwarden 1.30.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-39924. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability has been found in lunary-ai lunary up to 1.4.9 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-6862. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in AutomationDirect DirectLogic H2-DM1E up to 2.8.0. Affected is an unknown function. The manipulation leads to session fixiation. This vulnerability is traded as CVE-2024-45368. Access to the local network is required for this attack. There is no exploit available.