Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

The Fun and Dangers of Top Level Domains (TLDs)

Published: 2024-01-31

Last Updated: 2024-01-31 16:55:32 UTC

by Johannes Ullrich (Version: 1)

In the beginning, life was easy. We had a very limited set of top-level domains: .com, .edu, .gov, .int, .mil, .net and .org. In addition, we had .arpa for infrastructure use and the various two-letter country-code top-level domains.

But that initial set of TLDs was insufficient as the internet grew, and several additions followed:

  • Internationalized Domain Names (IDN), which allow Unicode labels encoded as Punycode.
  • Generic top-level domains (gTLDs), allowing anybody to apply for a TLD of their choice.
  • A few special-use TLDs like .example, .invalid, .local, .onion and .test

And I am only considering ICANN-sanctioned TLDs. There are also a couple of alternate roots.

ICANN keeps expanding the set of gTLDs. But yesterday, I noticed news about an interesting new TLD that you may want to consider adopting: .internal.

Until now, there has been no "official" TLD for internal use. ".local" is reserved for multicast DNS, and using it internally can lead to odd conflicts if your unicast and multicast DNS resolvers overlap. Companies have also run into trouble after "adopting" an unused top-level domain that later became official and in use. For example, the European router manufacturer AVM used "fritz.box" for the internal admin interface of its popular "FRITZ!Box" line of routers.

First, many of these issues disappear if you use a properly registered domain name. You may, for example, register "example-internal.com" for internal use. For external users, you can configure a wildcard entry directing them to a static placeholder page. It will also be easy to obtain proper TLS certificates for hosts within the domain, should you need them.
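The naming pitfalls the diary walks through (.local colliding with mDNS, a made-up TLD that later gets delegated, names under a domain you actually own) are easy to check mechanically against a host inventory. The script below is an added example and not part of the ISC diary. The special-use names come from RFC 6761, RFC 6762 and RFC 7686; treating .internal as reserved for private use reflects the ICANN reservation the diary refers to; "example-internal.com" as the organisation's registered domain and the inventory list are constructed assumptions for the example.

```python
"""Audit internal hostnames for risky top-level domains.

Added example, not code from the ISC diary. Special-use TLDs are taken
from RFC 6761 (example/invalid/localhost/test), RFC 6762 (local) and
RFC 7686 (onion). Treating .internal as private-use and the owned
domain "example-internal.com" are assumptions; the inventory is
constructed sample data.
"""
from typing import Dict, List, Tuple

# Names whose resolution is defined by RFC, not by the public root.
SPECIAL_USE = {
    "local": "RFC 6762: multicast DNS, unicast use collides with mDNS",
    "localhost": "RFC 6761: always loopback",
    "example": "RFC 6761: documentation only",
    "invalid": "RFC 6761: must never resolve",
    "test": "RFC 6761: testing only",
    "onion": "RFC 7686: Tor hidden services, must not resolve via DNS",
}

# Reserved for private use, never delegated in the public root
# (assumption: the new TLD the diary describes).
PRIVATE_USE = {"internal"}

# A registered domain the organisation controls (assumption: stand-in
# for the diary's "example-internal.com").
OWNED_DOMAINS = {"example-internal.com"}


def normalize(hostname: str) -> List[str]:
    """Lower-case, strip a trailing root dot and split into labels.

    Punycode (xn--) labels are left as-is; the TLD check works on the
    ASCII form either way.
    """
    host = hostname.strip().rstrip(".").lower()
    return [label for label in host.split(".") if label]


def classify(hostname: str) -> Tuple[str, str]:
    """Return (verdict, reason) for one hostname."""
    labels = normalize(hostname)
    if not labels:
        return "invalid", "empty name"
    if len(labels) == 1:
        return "unqualified", "single label, resolution depends on search list"
    tld = labels[-1]
    registrable = ".".join(labels[-2:])
    full = ".".join(labels)
    if tld in SPECIAL_USE:
        return "special-use", SPECIAL_USE[tld]
    if tld in PRIVATE_USE:
        return "private-use", "reserved, will never be delegated publicly"
    # Match on a label boundary ("." + domain) so "notexample-internal.com"
    # is not mistaken for a name under the owned domain.
    if registrable in OWNED_DOMAINS or any(full.endswith("." + d) for d in OWNED_DOMAINS):
        return "ok", f"under registered domain {registrable}"
    return "collision-risk", f"'.{tld}' is not reserved; a public delegation of {registrable} would capture this name"


def audit(hostnames: List[str]) -> Dict[str, List[str]]:
    """Group hostnames by verdict so the risky ones are easy to act on."""
    report: Dict[str, List[str]] = {}
    for name in hostnames:
        verdict, _ = classify(name)
        report.setdefault(verdict, []).append(name)
    return report


# Constructed inventory, loosely mirroring the cases the diary discusses.
SAMPLE_INVENTORY = [
    "printer.local",
    "fritz.box",
    "db01.corp.internal",
    "wiki.example-internal.com",
    "xn--bcher-kva.example",
    "fileserver",
]

if __name__ == "__main__":
    for name in SAMPLE_INVENTORY:
        verdict, reason = classify(name)
        print(f"{name:32} {verdict:15} {reason}")
```

Run it against an export of your DNS zones or CMDB and start with the "collision-risk" and "special-use" buckets; "unqualified" names are worth a look too, since they resolve differently depending on each client's search list.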

Read the full entry: https://isc.sans.edu/diary/The+Fun+and+Dangers+of+Top+Level+Domains+TLDs/30608/

DShield Sensor Log Collection with Elasticsearch

Published: 2024-02-03

Last Updated: 2024-02-03 15:44:16 UTC

by Guy Bruneau (Version: 1)

This is a fork of the original work by Scott Jensen, originally published here as a guest diary as part of the SANS.edu BACS program. This update adds a number of new features and is now available on GitHub.

The Docker Compose setup is custom-built for the DShield Honeypot to collect, store and parse sensor logs and to display the data in a way that is easy to search and analyze for research purposes. It assumes the DShield sensor is already installed on a Raspberry Pi running Raspbian OS or on a system running Ubuntu 20.04 LTS, either on your network or in the cloud of your choice.

Suggested Setup of ELK Server Based on Ubuntu

  • Ubuntu 20.04 LTS Live Server 64-Bit
  • Minimum 8+ GB RAM
  • If the amount of RAM assigned to each container (see below) is more than 2 GB, consider increasing the server RAM capacity.
  • 4-8 Cores
  • Minimum 40 GB partition assigned to /var/lib/docker

Setting Up Docker

The instructions to set up Docker and Elasticsearch are listed here ...

The Docker package comes with fleet-server and elastic-agent pre-loaded, with 350+ integrations for collecting and analyzing data. These can be used to add threat intel to ELK, collect NetFlow data with softflowd, or ship any other logs you want to send to ELK. Docker Compose is configured with the following components ...

Read the full entry: https://isc.sans.edu/diary/DShield+Sensor+Log+Collection+with+Elasticsearch/30616/

Internet Storm Center Entries


Computer viruses are celebrating their 40th birthday (well, 54th, really) (2024.02.06)

https://isc.sans.edu/diary/Computer+viruses+are+celebrating+their+40th+birthday+well+54th+really/30624/

Public Information and Email Spam (2024.02.05)

https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/

What is a "Top Level Domain"? (2024.02.01)

https://isc.sans.edu/diary/What+is+a+Top+Level+Domain/30612/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-21893 - Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA versions 9.x and 22.x allow attackers to access restricted resources without authentication due to a server-side request forgery vulnerability in the SAML component.

Product: Ivanti Policy Secure 22.6

CVSS Score: 8.2

** KEV since 2024-01-31 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21893

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8840

NVD References: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US



CVE-2024-21888 - Ivanti Connect Secure and Ivanti Policy Secure (9.x, 22.x) contain a privilege escalation vulnerability that enables users to gain administrator privileges.

Product: Ivanti Policy Secure 22.6

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21888

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8834

NVD References: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US



CVE-2024-23917 - In JetBrains TeamCity before 2023.11.3, an authentication bypass leading to RCE was possible.

Product: JetBrains TeamCity

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23917

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8842

NVD References: https://www.jetbrains.com/privacy-security/issues-fixed/



CVE-2023-51837 - Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.

Product: MeshCentral 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51837

NVD References: 

- https://github.com/Ylianst/MeshCentral/blob/master/mpsserver.js

- https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

- https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51837.md



CVE-2023-51982 - CrateDB 5.5.1's Admin UI component allows authentication bypass by setting a specific X-Real-IP request header and accessing the UI directly with the default user identity.

Product: CrateDB 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51982

NVD References: https://github.com/crate/crate/issues/15231
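The CrateDB summary describes a mistake that is common well beyond that product: deriving the client address from a header such as X-Real-IP that any client can set, and then granting a privileged identity to "local" clients. The snippet below is an added example, not CrateDB code and not a reproduction of the CVE; the request objects, the trusted-proxy list and the "loopback clients skip authentication" policy are constructed stand-ins to show the vulnerable pattern beside the usual fix (honour the header only when the TCP peer is a known reverse proxy).

```python
"""Client address derivation behind a reverse proxy.

Added example, not CrateDB code. It shows the general bug class from the
CVE-2023-51982 summary (trusting a client-supplied X-Real-IP header) next
to the usual fix. Requests, the proxy list and the policy are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Request:
    peer_ip: str                                  # TCP peer as seen by the server socket
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # HTTP header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def is_loopback(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip) in LOOPBACK
    except ValueError:
        return False


# --- vulnerable pattern: the header wins unconditionally -----------------

def client_ip_vulnerable(req: Request) -> str:
    """Any client can claim to be 127.0.0.1 by adding one header."""
    return req.header("X-Real-IP") or req.peer_ip


# --- hardened pattern: the header counts only from a trusted proxy -------

def client_ip_hardened(req: Request, trusted_proxies: Set[str]) -> str:
    """Honour X-Real-IP only when the TCP peer is a known reverse proxy.

    A direct connection keeps its socket address whatever it sends, and a
    proxy-supplied value that is not a valid IP address is ignored.
    """
    forwarded = req.header("X-Real-IP")
    if forwarded and req.peer_ip in trusted_proxies:
        try:
            ipaddress.ip_address(forwarded)
            return forwarded
        except ValueError:
            pass
    return req.peer_ip


def admin_ui_allowed(req: Request, trusted_proxies: Set[str], hardened: bool = True) -> bool:
    """Policy stand-in (assumption): loopback clients get the admin UI without a password."""
    ip = client_ip_hardened(req, trusted_proxies) if hardened else client_ip_vulnerable(req)
    return is_loopback(ip)


# Constructed requests: a remote attacker spoofing the header, a genuine
# request relayed by the reverse proxy at 10.0.0.5, and a true local client.
TRUSTED = {"10.0.0.5"}
ATTACKER = Request("203.0.113.9", {"X-Real-IP": "127.0.0.1"})
VIA_PROXY = Request("10.0.0.5", {"x-real-ip": "192.0.2.7"})
DIRECT_LOCAL = Request("127.0.0.1")

if __name__ == "__main__":
    print("attacker, vulnerable:", admin_ui_allowed(ATTACKER, TRUSTED, hardened=False))  # True
    print("attacker, hardened:  ", admin_ui_allowed(ATTACKER, TRUSTED))                  # False
    print("via proxy, hardened: ", admin_ui_allowed(VIA_PROXY, TRUSTED))                 # False
    print("direct local:        ", admin_ui_allowed(DIRECT_LOCAL, TRUSTED))              # True
```

The same reasoning applies to X-Forwarded-For, where the proxy appends to a client-controlled list: only the entry added by your own proxy is trustworthy, and the proxy should be configured to overwrite, not append, any value it receives from the outside.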



CVE-2024-22682 - DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.

Product: DuckDB 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22682

NVD References: https://github.com/Tu0Laj1/database_test



CVE-2024-1027 - SourceCodester Facebook News Feed Like 1.0 allows remote attackers to perform unrestricted file uploads via manipulation of the Post Handler component.

Product: Oretnom23 Facebook News Feed Like

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1027

NVD References: 

- https://vuldb.com/?ctiid.252300

- https://vuldb.com/?id.252300



CVE-2024-21488 - The Node.js "network" package (tomas/network) before 0.7.0 allows arbitrary command execution through the mac_address_for function due to lack of input sanitization.

Product: Forkhq Network

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21488

NVD References: 

- https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c

- https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7

- https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7

- https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5

- https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371



CVE-2023-6943 - Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later, and MX OPC Server DA/UA all versions allow remote unauthenticated attacker to execute malicious code through RPC with path to a malicious library.

Product: Mitsubishi Electric Corporation EZSocket

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6943

NVD References: 

- https://jvn.jp/vu/JVNVU95103362

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02

- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf



CVE-2024-1061 - The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25, is vulnerable to an unauthenticated SQL injection in the 'id' parameter of the 'get_view' function.

Product: HTML5 Video Player WordPress plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1061

NVD References: https://www.tenable.com/security/research/tra-2024-02



CVE-2024-1032 - openBI up to 1.0.8 allows remote attackers to launch a critical deserialization attack via manipulation of the testConnection function in /application/index/controller/Databasesource.php, as disclosed in VDB-252307.

Product: openBI Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1032

NVD References: 

- https://note.zhaoj.in/share/6ISYe2urjlkI

- https://vuldb.com/?ctiid.252307

- https://vuldb.com/?id.252307



CVE-2024-1034 - openBI up to 1.0.8 allows remote attackers to perform unrestricted upload via manipulation of the uploadFile function in the file /application/index/controller/File.php, with a critical vulnerability assigned the identifier VDB-252309.

Product: openBI Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1034

NVD References: 

- https://note.zhaoj.in/share/ABYkFE4wRPW5

- https://vuldb.com/?ctiid.252309

- https://vuldb.com/?id.252309



CVE-2024-1035 - openBI up to 1.0.8 is vulnerable to a critical unrestricted upload flaw in the function uploadIcon, allowing remote attackers to execute arbitrary code.

Product: openBI Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1035

NVD References: 

- https://note.zhaoj.in/share/AIbnbytIW9Bq

- https://vuldb.com/?ctiid.252310

- https://vuldb.com/?id.252310



CVE-2024-1036 - openBI up to 1.0.8 is vulnerable to unrestricted remote file upload in the function uploadIcon of the Icon Handler component, with the exploit publicly disclosed (VDB-252311).

Product: openBI Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1036

NVD References:

- https://note.zhaoj.in/share/X1ASzPP5rHel

- https://vuldb.com/?ctiid.252311

- https://vuldb.com/?id.252311



CVE-2024-1113 - openBI up to 1.0.8 allows for unrestricted remote file upload via manipulation of the "file" argument in the uploadUnity function, as identified by VDB-252471.

Product: openBI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1113

NVD References: 

- https://note.zhaoj.in/share/hPSx8li8LFfJ

- https://vuldb.com/?ctiid.252471

- https://vuldb.com/?id.252471



CVE-2024-1114 - openBI up to 1.0.8 is vulnerable to a critical improper access control issue in the function dlfile of /application/index/controller/Screen.php, allowing remote attacks due to manipulation of the fileUrl argument (VDB-252472).

Product: openBI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1114

NVD References: 

- https://note.zhaoj.in/share/9wv48TygKRxo

- https://vuldb.com/?ctiid.252472

- https://vuldb.com/?id.252472



CVE-2024-1115 - openBI up to 1.0.8 is vulnerable to critical OS command injection via manipulation of the phpPath argument in the dlfile function of Setting.php, enabling remote attackers to initiate the attack.

Product: openBI 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1115

NVD References: 

- https://note.zhaoj.in/share/81JmiyogcYL7

- https://vuldb.com/?ctiid.252473

- https://vuldb.com/?id.252473



CVE-2024-1116 - The openBI up to 1.0.8 is vulnerable to remote unrestricted file upload in the function index of the file /application/plugins/controller/Upload.php (VDB-252474).

Product: openBI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1116

NVD References: 

- https://note.zhaoj.in/share/uCElTQRGWVyw

- https://vuldb.com/?ctiid.252474

- https://vuldb.com/?id.252474



CVE-2024-1117 - openBI up to 1.0.8 is vulnerable to code injection via manipulation of the fileurl argument in the Screen.php controller, allowing for remote attacks, with a disclosed public exploit (VDB-252475).

Product: openBI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1117

NVD References: 

- https://note.zhaoj.in/share/Liu1nbjddxu4

- https://vuldb.com/?ctiid.252475

- https://vuldb.com/?id.252475



CVE-2024-24324 - TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.

Product: Totolink A8000RU

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24324

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20hard%20code.md



CVE-2024-24325 through CVE-2024-24333 - TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain multiple command injection vulnerabilities.

Product: Totolink A3300R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24325

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24326

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24327

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24328

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24329

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24330

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24331

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24332

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24333

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md

NVD References: https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md



CVE-2024-1019 - ModSecurity / libModSecurity 3.0.0 to 3.0.11 is vulnerable to a WAF bypass through specially crafted request URLs containing hidden attack payloads in the path component.

Product: ModSecurity libModSecurity

CVSS Score: 8.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1019

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8834

NVD References: https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30



CVE-2023-5389 - Honeywell Experion VirtualUOC and UOC allow file modification, potentially enabling an attacker to execute a malicious application.

Product: Honeywell Experion VirtualUOC and UOC

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5389

NVD References: 

- https://process.honeywell.com

- https://www.honeywell.com/us/en/product-security



CVE-2024-23745 -  Notion Web Clipper 1.0.3(7) is vulnerable to the Dirty NIB attack, allowing arbitrary command execution via manipulated .nib files, and Gatekeeper may still allow execution even if the NIB file is modified within the application.

Product: Notion Web Clipper

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23745

NVD References: https://github.com/louiselalanne/CVE-2024-23745



CVE-2024-1012 - Wanhu ezOFFICE 11.1.0 is vulnerable to remote SQL injection via manipulation of the argument recordId in defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp (VDB-252281).

Product: Wanhu ezOFFICE

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1012

NVD References: 

- https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md

- https://vuldb.com/?ctiid.252281

- https://vuldb.com/?id.252281



CVE-2023-50356 - AREAL Topkapi Vision (Server) is vulnerable to a man-in-the-middle attack due to improper certificate validation in SSL connections to NOVELL and Synology LDAP server, allowing remote unauthenticated attackers to obtain sensitive information and hinder valid user login.

Product: NOVELL AREAL Topkapi Vision

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50356

NVD References: https://www.areal-topkapi.com/en/services/security-bulletins



CVE-2023-6246 - The glibc library is susceptible to a heap-based buffer overflow in the __vsyslog_internal function, allowing for application crashes or local privilege escalation when the openlog function is not called or called with a NULL ident argument and the program name is over 1024 bytes in size.

Product: Fedora Project Fedora 39

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6246

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8834

NVD References: 

- http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html

- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

- http://seclists.org/fulldisclosure/2024/Feb/3

- http://seclists.org/fulldisclosure/2024/Feb/5

- https://access.redhat.com/security/cve/CVE-2023-6246

- https://bugzilla.redhat.com/show_bug.cgi?id=2249053

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/

- https://security.gentoo.org/glsa/202402-01

- https://www.openwall.com/lists/oss-security/2024/01/30/6



CVE-2024-21917 - Rockwell Automation FactoryTalk® Service Platform allows a malicious user to obtain the service token and authenticate on another FTSP directory, potentially retrieving user information and modifying settings without authentication.

Product: Rockwell Automation FactoryTalk® Service Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21917

NVD References: https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html



CVE-2024-23652 - BuildKit is vulnerable to a file removal issue when using RUN --mount, allowing a malicious frontend or Dockerfile to delete files outside the container on the host system.

Product:  BuildKit

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23652

NVD References: 

- https://github.com/moby/buildkit/pull/4603

- https://github.com/moby/buildkit/releases/tag/v0.12.5

- https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8



CVE-2024-23653 - BuildKit allows users to run containers with elevated privileges, which can be exploited if the `security.insecure` entitlement is enabled and the user is allowed to initialize the build request, but this vulnerability has been fixed in v0.12.5.

Product: BuildKit

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23653

NVD References: 

- https://github.com/moby/buildkit/pull/4602

- https://github.com/moby/buildkit/releases/tag/v0.12.5

- https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g



CVE-2024-23832 - Insufficient origin validation in Mastodon lets attackers impersonate and take over remote accounts in multiple vulnerable versions.

Product: Mastodon

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23832

NVD References: 

- http://www.openwall.com/lists/oss-security/2024/02/02/4

- https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958

- https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw



CVE-2024-24561 - Vyper, a pythonic Smart Contract Language for the ethereum virtual machine, is vulnerable to an overflow issue in the bounds check for slices, allowing attackers to perform out-of-bounds (OOB) accesses and corrupt array length.

Product: Vyper ethereum virtual machine

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24561 

NVD References: 

- https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457

- https://github.com/vyperlang/vyper/issues/3756

- https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c



CVE-2024-1039 - Gessler GmbH WEB-MASTER has a vulnerability due to weak hard coded credentials, granting an attacker full control over web management.

Product: Gessler GmbH WEB-MASTER

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1039

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01



CVE-2023-46706 - Multiple MachineSense devices have credentials that cannot be changed by the user or administrator.

Product: Multiple MachineSense devices

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46706

NVD References: 

- https://machinesense.com/pages/about-machinesense

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01



CVE-2023-49617 - The MachineSense application programming interface (API) allows unauthorized access, enabling retrieval and modification of sensitive information without authentication.

Product: MachineSense application programming interface (API)

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49617

NVD References: 

- https://machinesense.com/pages/about-machinesense

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01



CVE-2024-21764 - Rapid SCADA versions prior to Version 5.8.4 have hard-coded credentials, enabling unauthorized access through a specific port.

Product: Rapid Software LLC Rapid SCADA

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21764

NVD References: 

- https://rapidscada.org/contact/

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03



CVE-2023-50940 - IBM PowerSC versions 1.3, 2.0, and 2.1 allow attackers to perform privileged actions and access sensitive information due to the lack of domain name restrictions in Cross-Origin Resource Sharing (CORS).

Product: IBM PowerSC

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50940

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/275130

- https://www.ibm.com/support/pages/node/7113759
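"Lack of domain name restrictions in CORS" in the IBM PowerSC summary describes the browser-side variant of trusting a request header: if the server echoes any Origin into Access-Control-Allow-Origin and also sends Access-Control-Allow-Credentials: true, any web page can read authenticated responses. The block below is an added example, not IBM code; the allowlist and the origins are constructed. It contrasts the reflecting policy, a suffix-match policy that is bypassable with a look-alike domain, and an exact-match allowlist.

```python
"""Access-Control-Allow-Origin decisions for a credentialed API.

Added example, not IBM PowerSC code; it shows the bug class named in the
CVE-2023-50940 summary. The allowlist and the test origins are constructed.
"""
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Assumption: the only browser origins that should reach this API with cookies.
ALLOWED_ORIGINS: Set[str] = {"https://console.example.com", "https://ops.example.com"}


def cors_reflect_any(origin: Optional[str]) -> Optional[Dict[str, str]]:
    """Vulnerable: echoes whatever Origin the browser sent and allows
    credentials, so any site can read authenticated responses."""
    if origin is None:
        return None
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_suffix_match(origin: Optional[str]) -> Optional[Dict[str, str]]:
    """Still vulnerable: a bare string suffix check admits
    https://evil-example.com because it also ends in 'example.com'."""
    if origin and origin.endswith("example.com"):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return None


def cors_exact_allowlist(origin: Optional[str]) -> Optional[Dict[str, str]]:
    """Hardened: exact match of scheme://host[:port] against a fixed allowlist.

    Vary: Origin stops a shared cache from serving one origin's answer to
    another. An Origin with a path, query or fragment is malformed and is
    rejected; browsers never send those.
    """
    if origin is None:
        return None
    parts = urlsplit(origin)
    if parts.scheme != "https" or parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    normalized = f"{parts.scheme}://{parts.netloc.lower()}"
    if normalized not in ALLOWED_ORIGINS:
        return None
    return {"Access-Control-Allow-Origin": normalized,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


if __name__ == "__main__":
    for origin in ("https://console.example.com", "https://evil-example.com", "http://console.example.com"):
        print(origin, "reflect:", cors_reflect_any(origin) is not None,
              "suffix:", cors_suffix_match(origin) is not None,
              "exact:", cors_exact_allowlist(origin) is not None)
```

A quick manual check against a live service is to send a request with an Origin header for a domain you do not control and look for that value reflected alongside Access-Control-Allow-Credentials: true in the response.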



CVE-2024-22319 - IBM Operational Decision Manager versions 8.10.3 to 8.12.0.1 are vulnerable to remote LDAP injection by allowing unsanitized content to be injected into the LDAP filter.

Product: IBM Operational Decision Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22319

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/279145

- https://www.ibm.com/support/pages/node/7112382



CVE-2024-1143 - Central Dogma versions prior to 0.64.0 allow for Cross-Site Scripting (XSS), leading to leakage of user sessions and authentication bypass.

Product: Central Dogma

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1143

NVD References: https://github.com/line/centraldogma/security/advisories/GHSA-34q3-p352-c7q8



CVE-2023-47143 - IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, enabling attacks such as cross-site scripting, cache poisoning, and session hijacking.

Product: IBM Tivoli Application Dependency Discovery Manager

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47143

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/270270

- https://www.ibm.com/support/pages/node/7105139



CVE-2023-6675 - CyberMath before v1.5 allows unrestricted upload of dangerous file types, leading to web shell upload.

Product: National Keep CyberMath

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6675

NVD References: https://www.usom.gov.tr/bildirim/tr-24-0080



CVE-2022-34381 - Dell BSAFE SSL-J before 7.0 and Dell BSAFE Crypto-J before 6.2.6.1 depend on an unmaintained third-party component with a vulnerability that an unauthenticated remote attacker could exploit to compromise the system; Dell advises upgrading immediately.

Product: Dell BSAFE SSL-J

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-34381

NVD References: https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability



CVE-2023-39303 - QNAP operating system versions are vulnerable to improper authentication, allowing users to compromise system security via a network; this has been fixed in QTS 5.1.3.2578 build 20231110 and later, QuTS hero h5.1.3.2578 build 20231110 and later, and QuTScloud c5.1.5.2651 and later.

Product: QNAP QTS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39303

NVD References: https://www.qnap.com/en/security-advisory/qsa-23-33



CVE-2023-45025 - QNAP operating system versions are vulnerable to OS command injection, allowing users to execute commands via a network, but the vulnerability has been patched in specific versions.

Product: QNAP QTS

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45025

NVD References: https://www.qnap.com/en/security-advisory/qsa-23-47



CVE-2024-24029 - JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.

Product: JFinalCMS Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24029

NVD References: https://gitee.com/heyewei/JFinalcms/issues/I8VE52



CVE-2024-1197 - SourceCodester Testimonial Page Manager 1.0 is susceptible to remote SQL injection via the testimony argument in delete-testimonial.php file, allowing attackers to initiate an attack.

Product: Remyandrade Testimonial Page Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1197

NVD References: 

- https://vuldb.com/?ctiid.252695

- https://vuldb.com/?id.252695



CVE-2024-23108 and CVE-2024-23109 - Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 are vulnerable to OS command injection flaws allowing unauthorized code execution via crafted API requests.

Product: Fortinet FortiSIEM

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23108

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23109

NVD References: https://fortiguard.com/psirt/FG-IR-23-130



CVE-2024-0323 - B&R Industrial Automation Automation Runtime (SDM modules) is vulnerable to the use of a broken or risky cryptographic algorithm, allowing an attacker to conduct man-in-the-middle attacks or decrypt communications.

Product: B&R Industrial Automation Runtime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0323

NVD References: https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf



CVE-2023-6933 - The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection, allowing unauthenticated attackers to inject a PHP Object and potentially delete files, retrieve sensitive data, or execute code if a POP chain is present.

Product: WordPress Better Search Replace plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6933

NVD References: 

- https://plugins.trac.wordpress.org/browser/better-search-replace/trunk/includes/class-bsr-db.php#L334

- https://plugins.trac.wordpress.org/changeset/3023674/better-search-replace/trunk/includes/class-bsr-db.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve



CVE-2023-6989 - The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion up to version 18.5.9, allowing unauthenticated attackers to execute arbitrary PHP code on the server.

Product: Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6989

NVD References: 

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve



CVE-2024-0221 - The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress (up to version 1.8.19) allows authenticated administrators, and potentially lower-level users, to perform directory traversal via the rename_item function, leading to arbitrary file renaming and potential site takeover.

Product: The Photo Gallery by 10Web

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0221

NVD References: 

- https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291

- https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve



CVE-2024-0709 - The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection allowing unauthenticated attackers to extract sensitive information from the database.

Product: Cryptocurrency Widgets Price Ticker & Coins List

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0709

NVD References: 

- https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve



CVE-2023-6229 through CVE-2023-6234, CVE-2024-0244 - Multiple buffer overflow vulnerabilities in Canon Laser Printers and Small Office Multifunctional Printers.

Product: Canon Satera LBP670C Series/Satera MF750C Series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6229

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6230

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6231

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6232

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6233

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6234

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0244

NVD References: 

- https://canon.jp/support/support-info/240205vulnerability-response

- https://psirt.canon/advisory-information/cp2024-001/

- https://www.canon-europe.com/support/product-security-latest-news/

- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers



CVE-2023-33072 - Qualcomm: memory corruption in Core while processing control functions.

Product: Qualcomm chipsets (Core)

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33072

NVD References: https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin



CVE-2024-24592 through CVE-2024-24594 - Multiple vulnerabilities in Allegro AI's ClearML platform

Product: Allegro AI ClearML platform

CVSS Score: 9.6 - 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24592

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24593

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24594

NVD References: https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/



CVE-2023-4762 - Google Chrome prior to 116.0.5845.179 allows remote attackers to execute arbitrary code through crafted HTML pages due to a type confusion in V8.

Product: Google Chrome

CVSS Score: unscored

** KEV since 2024-02-06 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4762