Scans for Apache OfBiz
Published: 2024-03-27
Last Updated: 2024-03-27 12:08:56 UTC
by Johannes Ullrich (Version: 1)
Today, I noticed in our "first seen URL" list, two URLs I didn't immediately recognize ...
These two URLs appear to be associated with Apache's OfBiz product. According to the project, "Apache OFBiz is a suite of business applications flexible enough to be used across any industry. A common architecture allows developers to easily extend or enhance it to create custom features". OfBiz includes features to manage catalogs, e-commerce, payments and several other tasks.
Searching for related URLs, I found the following other URLs being scanned occasionally ...
One recently patched vulnerability, CVE-2023-51467, sports a CVSS score of 9.8. The vulnerability allows code execution without authentication. Exploits have been available for a while now. Two additional path traversal authentication bypass vulnerabilities have been fixed this year (CVE-2024-25065, CVE-2024-23946).
Based on the exploit, exploitation of CVE-2023-51467 is as easy as sending this POST request to a vulnerable server ...
Read the full entry:
https://isc.sans.edu/diary/Scans+for+Apache+OfBiz/30784/
Apple Updates for MacOS, iOS/iPadOS and visionOS
Published: 2024-03-25
Last Updated: 2024-03-26 00:15:45 UTC
by Johannes Ullrich (Version: 1)
Last week, Apple published updates for iOS and iPadOS. At that time, Apple withheld details about the security content of the update. This is typical if future updates for other operating systems will fix the same vulnerability. Apple's operating systems share a lot of code, and specific vulnerabilities are frequently found in all operating systems.
Today, Apple released the corresponding macOS updates and with that delivered the missing security details.
A total of two vulnerabilities are being patched. They affect macOS (14 and 13), iOS/iPadOS (16 and 17), and the brand new visionOS.
CVE-2024-1580: An arbitrary code execution vulnerability that could be triggered by processing a crafted image.
CVE-2024-1580: An arbitrary code execution vulnerability that could also be triggered by processing an image.
Note: this is not a typo above. There is only one CVE, but Apple shows two distinct vulnerabilities. The reason is that this is the same issue that happened in two different components.
Read the full entry:
https://isc.sans.edu/diary/Apple+Updates+for+MacOS+iOSiPadOS+and+visionOS/30778/
Whois "geofeed" Data
Published: 2024-03-21
Last Updated: 2024-03-22 19:54:31 UTC
by Johannes Ullrich (Version: 1)
Attributing a particular IP address to a specific location is hard and often fails miserably. There are several difficulties that I have talked about before: Out-of-date whois data, data that is outright fake, or was never correct in the first place. Companies that have been allocated a larger address range are splitting it up into different geographic regions, but do not reflect this in their whois records.
And beyond giving threat intel geeks a quick attribution high, the fact that the IP address is allocated to a particular country is useless information that costs a ton of CPU power to acquire. You are better off mining Dogecoin with those cycles.
But... if you are still reading... I saw something new, at least new to me: geofeed attributes in whois data! This appears to be particularly common in Europe. To our US readers, Europe is odd in that it is subdivided into entities referred to as "Countries", not "States". Just like states in the US, different countries may have different local laws. For example, in France, it is illegal to name your pet pig "Napoleon". Enforcement of these laws across the Internet often requires specific geolocation knowledge, and I can only assume that this led to the "geofeed" attribute.
Read the full entry:
New tool: linux-pkgs.sh (2024.03.24)
https://isc.sans.edu/diary/New+tool+linuxpkgssh/30774/
Tool updates: le-hex-to-ip.py and sigs.py (2024.03.24)
https://isc.sans.edu/diary/Tool+updates+lehextoippy+and+sigspy/30772/
1768.py's Experimental Mode (2024.03.23)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Fortinet FortiOS
CVSS Score: 0
** KEV since 2024-02-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21762
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8902
Product: Fortinet FortiClientEMS
CVSS Score: 0
** KEV since 2024-03-25 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48788
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8906
Product: Parse Server
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29027
NVD References:
- https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b
- https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e
- https://github.com/parse-community/parse-server/releases/tag/6.5.5
- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29
- https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29
Product: Chirp Access
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2197
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01
Product: Create by Mediavine plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1711
NVD References:
Product: Progress Telerik Report Server
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1800
NVD References:
- https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800
- https://www.telerik.com/report-server
CVE-2024-1811 - A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.
Product: OpenText ArcSight Platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1811
NVD References: https://portal.microfocus.com/s/article/KM000027383
CVE-2024-28179 - Jupyter Server Proxy prior to versions 3.2.3 and 4.1.1 allows unauthenticated remote access to websocket endpoints, potentially leading to remote unauthenticated arbitrary code execution.
Product: Jupyter Server Proxy
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28179
NVD References:
- https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433
- https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9
- https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03
- https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v
CVE-2024-28231 - Eprosima Fast DDS versions prior to 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 allow manipulated data to cause heap overflow errors, leading to remote termination.
Product: Eprosima Fast DDS
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28231
NVD References:
- https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b
- https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
CVE-2024-29037 - datahub-helm had a vulnerability in versions 0.1.143 to 0.2.182 where personal access tokens could be generated with a default secret key, potentially leading to unauthorized access if the algorithm was reverse engineered.
Product: LinkedIn datahub-helm
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29037
NVD References:
- https://github.com/acryldata/datahub-helm/commit/ea8a17860f053c63387b8309e1f77c0e1462a1b3
- https://github.com/acryldata/datahub-helm/security/advisories/GHSA-82p6-9h7m-9h8j
CVE-2024-2443 - GitHub Enterprise Server is vulnerable to command injection, allowing an attacker with an editor role in the Management Console to gain admin SSH access when configuring GeoJSON settings.
Product: GitHub Enterprise Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2443
NVD References:
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1
- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12
CVE-2024-1202 - Octopod by XPodas is vulnerable to Authentication Bypass due to a primary weakness, allowing unauthorized access before v1.
Product: XPodas Octopod
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1202
NVD References: https://www.usom.gov.tr/bildirim/tr-24-0174
CVE-2024-27922 - TOMP Bare Server prior to version 2.0.2 allows for insecure handling of HTTP requests by the @tomphttp/bare-server-node package, potentially exposing users to manipulation of web traffic.
Product: TOMP Bare Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27922
NVD References: https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr-v533
CVE-2024-2161 - Kiloview NDI's use of hard-coded credentials allows unauthenticated users to bypass authentication, impacting N3, N3-s, N4, N20, N30, N40 firmware version 2.02.0227.
Product: Kiloview NDI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2161
NVD References:
- https://www.kiloview.com/en/support/download/1779/
- https://www.kiloview.com/en/support/download/n20-firmware-download/
- https://www.kiloview.com/en/support/download/n3-for-ndi/
- https://www.kiloview.com/en/support/download/n3-s-firmware-download/
- https://www.kiloview.com/en/support/download/n30-for-ndi/
- https://www.kiloview.com/en/support/download/n40/
CVE-2024-1147, CVE-2024-1148 - Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.
Product: OpenText PVCS Version Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1147
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1148
NVD References: https://portal.microfocus.com/s/article/KM000026669
CVE-2024-29732 - SCAN_VISIO eDocument Suite Web Viewer of Abast allows an unauthenticated user to retrieve, update, and delete database information through SQL Injection on the login page's "user" parameter.
Product: Abast SCAN_VISIO eDocument Suite Web Viewer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/de…
Product: Abast SCAN_VISIO eDocument Suite Web Viewer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29732
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast
Product: Sentrifugo 3.2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29870
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29871
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29872
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29873
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29874
Product: Tenda AC15
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2806
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2807
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2808
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2809
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2810
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2811
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2813
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2814
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2815
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2850
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2852
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2855
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2856
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md
Product: Tenda AC15
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2851
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2853
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2854
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md
Product: CIGESv2 system
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2722
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2723
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2724
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system
Product: SailPoint IdentityIQ
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2227
NVD References: https://www.sailpoint.com/security-advisories/
Product: Symfony 1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28861
NVD References:
- https://github.com/FriendsOfSymfony1/symfony1/commit/0bd9d59c69221f49bfc8be8b871b79e12d7d171a
- https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433
Product: FreeScout
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29185
NVD References: https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7p9x-ch4c-vqj9
Product: Hitachi Virtual Storage Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36407
NVD References: https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html
Product: LG LED Assistant
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2862
NVD References: https://lgsecurity.lge.com/bulletins/idproducts#updateDetails
Product: Mergen Quality Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2865
NVD References: https://www.usom.gov.tr/bildirim/tr-24-0229
Product: wolfSSL wolfSSH
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2873
NVD References:
- https://github.com/wolfSSL/wolfssh/pull/670
Product: WebToffee Product Import Export for WooCommerce
CVSS Score: 9.1
Product: MainWP File Uploader Extension
CVSS Score: 10.0
Product: ExpressTech Quiz And Survey Master
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28787
CVE-2023-29386 - Julien Crego Manager for Icomoon allows for unrestricted file uploads of dangerous types.
Product: Julien Crego Manager for Icomoon
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29386
CVE-2023-38388 - Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from n/a through 3.3.5.
Product: Artbees JupiterX Core
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38388
CVE-2023-47842 - Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0.
Product: Zachary Segal CataBlog
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47842
NVD References: https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2023-47846 - Terry Lin WP Githuber MD is vulnerable to unrestricted upload of file with dangerous type, affecting versions from n/a through 1.16.2.
Product: Terry Lin WP Githuber MD
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47846
CVE-2023-47873 - WP Child Theme Generator allows for unrestricted upload of files with dangerous types, leaving it vulnerable to attacks from n/a through version 1.0.9.
Product: WEN Solutions WP Child Theme Generator
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47873
CVE-2023-48777 - Elementor Website Builder is vulnerable to Unrestricted Upload of File with Dangerous Type from version 3.3.0 through 3.18.1.
Product: Elementor Website Builder
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48777
NVD References: https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-28916 - Xbox Gaming Services Elevation of Privilege Vulnerability
Product: Microsoft Xbox Gaming Services
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28916
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28916
CVE-2023-51467 - The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
Product: Apache OfBiz
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51467
ISC Diary: https://isc.sans.edu/diary/30784
CVE-2024-1580 - dav1d AV1 decoder is vulnerable to integer overflow, potentially causing memory corruption; update to version 1.4.0 or higher recommended.
Product: VideoLAN dav1d AV1 decoder
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1580
ISC Diary: https://isc.sans.edu/diary/30778
The following vulnerability needs a manual review:
CVE-2023-41724 - Ivanti Standalone Sentry: An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Product: Ivanti Standalone Sentry
CVSS Score: 9.6
NVD: N/A
ISC Podcast: https://isc.sans.edu/podcastdetail/8906