Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Scans for Apache OfBiz

Published: 2024-03-27

Last Updated: 2024-03-27 12:08:56 UTC

by Johannes Ullrich (Version: 1)

Today, I noticed in our "first seen URL" list, two URLs I didn't immediately recognize ...

These two URLs appear to be associated with Apache's OfBiz product. According to the project, "Apache OFBiz is a suite of business applications flexible enough to be used across any industry. A common architecture allows developers to easily extend or enhance it to create custom features". OfBiz includes features to manage catalogs, e-commerce, payments and several other tasks.

Searching for related URLs, I found the following other URLs being scanned occasionally ...

One recently patched vulnerability, CVE-2023-51467, sports a CVSS score of 9.8. The vulnerability allows code execution without authentication. Exploits have been available for a while now. Two additional path traversal authentication bypass vulnerabilities have been fixed this year (CVE-2024-25065, CVE-2024-23946).

Based on the exploit, exploitation of CVE-2023-51467 is as easy as sending this POST request to a vulnerable server ...

Read the full entry:

https://isc.sans.edu/diary/Scans+for+Apache+OfBiz/30784/

Apple Updates for MacOS, iOS/iPadOS and visionOS

Published: 2024-03-25

Last Updated: 2024-03-26 00:15:45 UTC

by Johannes Ullrich (Version: 1)

Last week, Apple published updates for iOS and iPadOS. At that time, Apple withheld details about the security content of the update. This is typical if future updates for other operating systems will fix the same vulnerability. Apple's operating systems share a lot of code, and specific vulnerabilities are frequently found in all operating systems.

Today, Apple released the corresponding macOS updates and with that delivered the missing security details.

A total of two vulnerabilities are being patched. They affect macOS (14 and 13), iOS/iPadOS (16 and 17), and the brand new visionOS.

CVE-2024-1580: An arbitrary code execution vulnerability that could be triggered by processing a crafted image.

CVE-2024-1580: An arbitrary code execution vulnerability that could also be triggered by processing an image.

Note: this is not a typo above. There is only one CVE, but Apple shows two distinct vulnerabilities. The reason is that this is the same issue that happened in two different components.

Read the full entry:

https://isc.sans.edu/diary/Apple+Updates+for+MacOS+iOSiPadOS+and+visionOS/30778/

Whois "geofeed" Data

Published: 2024-03-21

Last Updated: 2024-03-22 19:54:31 UTC

by Johannes Ullrich (Version: 1)

Attributing a particular IP address to a specific location is hard and often fails miserably. There are several difficulties that I have talked about before: Out-of-date whois data, data that is outright fake, or was never correct in the first place. Companies that have been allocated a larger address range are splitting it up into different geographic regions, but do not reflect this in their whois records.

And beyond giving threat intel geeks a quick attribution high, the fact that the IP address is allocated to a particular country is useless information that costs a ton of CPU power to acquire. You are better off mining Dogecoin with those cycles.

But... if you are still reading... I saw something new, at least new to me: geofeed attributes in whois data! This appears to be particularly common in Europe. To our US readers, Europe is odd in that it is subdivided into entities referred to as "Countries", not "States". Just like states in the US, different countries may have different local laws. For example, in France, it is illegal to name your pet pig "Napoleon". Enforcement of these laws across the Internet often requires specific geolocation knowledge, and I can only assume that this led to the "geofeed" attribute.

Read the full entry:

https://isc.sans.edu/diary/Whois+geofeed+Data/30766/

Internet Storm Center Entries


New tool: linux-pkgs.sh (2024.03.24)

https://isc.sans.edu/diary/New+tool+linuxpkgssh/30774/

Tool updates: le-hex-to-ip.py and sigs.py (2024.03.24)

https://isc.sans.edu/diary/Tool+updates+lehextoippy+and+sigspy/30772/

1768.py's Experimental Mode (2024.03.23)

https://isc.sans.edu/diary/1768pys+Experimental+Mode/30770/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-21762 - Fortinet FortiOS Out-of-Bound Write Vulnerability

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2024-02-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21762

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8902

CVE-2023-48788 - Fortinet FortiClientEMS versions 7.0.1 through 7.2.2 are vulnerable to SQL injection, allowing attackers to execute unauthorized code or commands through specially crafted packets.

Product: Fortinet FortiClientEMS

CVSS Score: 0

** KEV since 2024-03-25 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48788

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8906

CVE-2024-29027 - Parse Server is vulnerable to code injection, internal store manipulation, and remote code execution through invalid Cloud Function and Cloud Job names prior to versions 6.5.5 and 7.0.0-alpha.29.

Product: Parse Server

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29027

NVD References:

- https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b

- https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e

- https://github.com/parse-community/parse-server/releases/tag/6.5.5

- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29

- https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29

CVE-2024-2197 - Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access.

Product: Chirp Access

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2197

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01

CVE-2024-1711 - The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection through the 'id' parameter, allowing unauthenticated attackers to extract sensitive data in versions up to 1.9.4.

Product: Create by Mediavine plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1711

NVD References:

- https://wordpress.org/plugins/mediavine-create/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=cve

CVE-2024-1800 - Telerik Report Server versions prior to 2024 Q1 are susceptible to remote code execution due to an insecure deserialization vulnerability.

Product: Progress Telerik Report Server

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1800

NVD References:

- https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800

- https://www.telerik.com/report-server

CVE-2024-1811 - A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.

Product: OpenText ArcSight Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1811

NVD References: https://portal.microfocus.com/s/article/KM000027383

CVE-2024-28179 - Jupyter Server Proxy prior to versions 3.2.3 and 4.1.1 allows unauthenticated remote access to websocket endpoints, potentially leading to remote unauthenticated arbitrary code execution.

Product: Jupyter Server Proxy

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28179

NVD References:

- https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433

- https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9

- https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03

- https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v

CVE-2024-28231 - Eprosima Fast DDS versions prior to 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 allow manipulated data to cause heap overflow errors, leading to remote termination.

Product: Eprosima Fast DDS

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28231

NVD References:

- https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b

- https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w

CVE-2024-29037 - datahub-helm had a vulnerability in versions 0.1.143 to 0.2.182 where personal access tokens could be generated with a default secret key, potentially leading to unauthorized access if the algorithm was reverse engineered.

Product: LinkedIn datahub-helm

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29037

NVD References:

- https://github.com/acryldata/datahub-helm/commit/ea8a17860f053c63387b8309e1f77c0e1462a1b3

- https://github.com/acryldata/datahub-helm/security/advisories/GHSA-82p6-9h7m-9h8j

CVE-2024-2443 - GitHub Enterprise Server is vulnerable to command injection, allowing an attacker with an editor role in the Management Console to gain admin SSH access when configuring GeoJSON settings.

Product: GitHub Enterprise Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2443

NVD References:

- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9

- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7

- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1

- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17

- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12

CVE-2024-1202 - Octopod by XPodas is vulnerable to Authentication Bypass due to a primary weakness, allowing unauthorized access before v1.

Product: XPodas Octopod

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1202

NVD References: https://www.usom.gov.tr/bildirim/tr-24-0174

CVE-2024-27922 - TOMP Bare Server prior to version 2.0.2 allows for insecure handling of HTTP requests by the @tomphttp/bare-server-node package, potentially exposing users to manipulation of web traffic.

Product: TOMP Bare Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27922

NVD References: https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr-v533

CVE-2024-2161 - Kiloview NDI's use of hard-coded credentials allows unauthenticated users to bypass authentication, impacting N3, N3-s, N4, N20, N30, N40 firmware version 2.02.0227.

Product: Kiloview NDI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2161

NVD References:

- https://www.kiloview.com/en/support/download/1779/

- https://www.kiloview.com/en/support/download/n20-firmware-download/

- https://www.kiloview.com/en/support/download/n3-for-ndi/

- https://www.kiloview.com/en/support/download/n3-s-firmware-download/

- https://www.kiloview.com/en/support/download/n30-for-ndi/

- https://www.kiloview.com/en/support/download/n40/

CVE-2024-1147, CVE-2024-1148 - Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.

Product: OpenText PVCS Version Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1147

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1148

NVD References: https://portal.microfocus.com/s/article/KM000026669

CVE-2024-29732 - SCAN_VISIO eDocument Suite Web Viewer of Abast allows an unauthenticated user to retrieve, update, and delete database information through SQL Injection on the login page's "user" parameter.

Product: Abast SCAN_VISIO eDocument Suite Web Viewer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29732

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast

CVE-2024-29870 through CVE-2024-29876 - Sentrifugo 3.2 SQL injection vulnerabilities

Product: Sentrifugo 3.2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29870

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29871

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29872

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29873

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29874

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29875

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29876

CVE-2024-27956 - ValvePress Automatic before version 3.92.0 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.

Product: ValvePress Automatic

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27956

NVD References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve

CVE-2024-2806 through CVE-2024-2811, CVE-2024-2813 through CVE-2024-2815, CVE-2024-2850, CVE-2024-2852, CVE-2024-2855, CVE-2024-2856 - Tenda AC15 multiple stack-based buffer overflow vulnerabilities.

Product: Tenda AC15

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2806

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2807

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2808

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2809

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2810

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2811

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2813

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2814

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2815

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2850

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2852

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2855

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2856

NVD References:

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md

CVE-2024-2851, CVE-2024-2853, CVE-2024-2854 - Tenda AC15 multiple OS command injection vulnerabilities

Product: Tenda AC15

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2851

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2853

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2854

NVD References:

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md

- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md

CVE-2024-2722 through CVE-2024-2724 - CIGESv2 system multiple SQL injection vulnerabilities

Product: CIGESv2 system

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2722

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2723

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2724

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system

CVE-2024-2227 - IdentityIQ is vulnerable to arbitrary file access through a path traversal vulnerability in JSF 2.2.20 (CVE-2020-6950), with additional remediation changes announced in May 2021 and January 2024 (ETN IIQSAW-3585, IIQFW-336, CVE-2024-2227).

Product: SailPoint IdentityIQ

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2227

NVD References: https://www.sailpoint.com/security-advisories/

CVE-2024-28861 - Symfony 1 suffers from a gadget chain vulnerability in versions prior to 1.5.19, allowing for remote code execution if user input is deserialized in the `sfNamespacedParameterHolder` class.

Product: Symfony 1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28861

NVD References:

- https://github.com/FriendsOfSymfony1/symfony1/commit/0bd9d59c69221f49bfc8be8b871b79e12d7d171a

- https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433

CVE-2024-29185 - FreeScout is vulnerable to OS Command Injection in versions prior to 1.8.128, allowing an adversary to execute malicious commands on the server by exploiting the php_path parameter in the /public/tools.php source file.

Product: FreeScout

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29185

NVD References: https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7p9x-ch4c-vqj9

CVE-2022-36407 - Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information through insertion into log files.

Product: Hitachi Virtual Storage Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36407

NVD References: https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html

CVE-2024-2862 - This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.

Product: LG LED Assistant

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2862

NVD References: https://lgsecurity.lge.com/bulletins/idproducts#updateDetails

CVE-2024-2865 - Mergen Software Quality Management System is vulnerable to SQL Injection through 25032024, allowing attackers to execute malicious SQL commands.

Product: Mergen Quality Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2865

NVD References: https://www.usom.gov.tr/bildirim/tr-24-0229

CVE-2024-2873 - wolfSSH's server-side state machine is vulnerable to unauthorized access through the creation of channels by a malicious client before user authentication in versions before 1.4.17.

Product: wolfSSL wolfSSH

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2873

NVD References:

- https://github.com/wolfSSL/wolfssh/pull/670

- https://github.com/wolfSSL/wolfssh/pull/671

- https://www.wolfssl.com/docs/security-vulnerabilities/

CVE-2024-30231 - Product Import Export for WooCommerce allows unrestricted file uploads with dangerous types, leading to potential security risks in versions n/a through 2.4.1.

Product: WebToffee Product Import Export for WooCommerce

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30231

NVD References: https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-23656 - MainWP File Uploader Extension allows for unrestricted upload of files with dangerous types, posing a security risk from versions n/a through 4.1.

Product: MainWP File Uploader Extension

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23656

NVD References: https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-28787 - Quiz And Survey Master is vulnerable to an SQL Injection issue in versions up to 8.1.4, allowing attackers to manipulate SQL queries and potentially access or modify sensitive data.

Product: ExpressTech Quiz And Survey Master

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28787

NVD References: https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2023-29386 - Julien Crego Manager for Icomoon allows for unrestricted file uploads of dangerous types.

Product: Julien Crego Manager for Icomoon

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29386

NVD References: https://patchstack.com/database/vulnerability/manager-for-icomoon/wordpress-manager-for-icommon-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-38388 - Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from n/a through 3.3.5.

Product: Artbees JupiterX Core

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38388

NVD References: https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-47842 - Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0.

Product: Zachary Segal CataBlog

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47842

NVD References: https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-47846 - Terry Lin WP Githuber MD is vulnerable to unrestricted upload of file with dangerous type, affecting versions from n/a through 1.16.2.

Product: Terry Lin WP Githuber MD

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47846

NVD References: https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-47873 - WP Child Theme Generator allows for unrestricted upload of files with dangerous types, leaving it vulnerable to attacks from n/a through version 1.0.9.

Product: WEN Solutions WP Child Theme Generator

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47873

NVD References: https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-48777 - Elementor Website Builder is vulnerable to Unrestricted Upload of File with Dangerous Type from version 3.3.0 through 3.18.1.

Product: Elementor Website Builder

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48777

NVD References: https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-28916 - Xbox Gaming Services Elevation of Privilege Vulnerability

Product: Microsoft Xbox Gaming Services

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28916

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28916

CVE-2023-51467 - The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code

Product: Apache OfBiz

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51467

ISC Diary: https://isc.sans.edu/diary/30784

CVE-2024-1580 - dav1d AV1 decoder is vulnerable to integer overflow, potentially causing memory corruption; update to version 1.4.0 or higher recommended.

Product: VideoLAN dav1d AV1 decoder

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1580

ISC Diary: https://isc.sans.edu/diary/30778

The following vulnerability needs a manual review:

CVE-2023-41724 - Ivanti Standalone Sentry: An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Product: Ivanti Standalone Sentry

CVSS Score: 9.6

NVD: N/A

ISC Podcast: https://isc.sans.edu/podcastdetail/8906

References: https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US