CVE-2024-42366 : VRCX-TEAM VRCX PRIOR 2024.03.23 PRIVILEGES MANAGEMENT

Description

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, an over-permissioned CefSharp browser and cross-site scripting via overlay notifications can be combined to achieve remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, the VRCX maintainers worked with the VRC team to block older versions of VRCX on the VRC API side. Users on an older version of VRCX must update their installation to continue using VRCX.

References

https://github.com/vrcx-team/VRCX/security/advisories/GHSA-j98g-mgjm-wqph

https://github.com/vrcx-team/VRCX/commit/cd2387aa3289f936ce60049121c24b0765bd4180

CVE-2024-12832 : ARISTA NG FIREWALL 17.1.1 REPORTENTRY SQL INJECTION

Description: Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create

CVE-2024-12728 : SOPHOS FIREWALL UP TO 20.0 MR2 SSH WEAK CREDENTIALS

Description: A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3

CVE-2021-26102 : FORTINET FORTIWAN UP TO 4.4.1/4.5.7 POST REQUEST AUTHENTICATION BYPASS

Description: A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote