Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Got MFA? If not, Now is the Time!

Published: 2024-05-15

Last Updated: 2024-05-15 12:04:47 UTC

by Rob VandenBrink (Version: 1)

I had an interesting call from a client recently - they had a number of "net use" and "psexec" commands pop up on a domain controller, all called from PSEXEC (thank goodness for a good EDR deployed across the board!!). The source IP was a VPN session.

Anyway, we almost immediately declared an incident, and the VPN that was in use that had just Userid / Password authentication was the ingress. We found a US employee with an active VPN session from Europe (the classic "impossible geography session") - so the standard "kill the session, deactivate the account / change the password action" ensued.

Followed by a serious conversation - really your userid/password protected VPN is only as strong as your weakest password. And you KNOW that some folks have kept their "Welcome123" password that they got at their last "I forgot my password" helpdesk call. Also, your userid/password VPN is only as strong as the weakest other site that your folks have used their work credentials for.

Anyway, the actions and discussion above were followed by the "who would want to target us?" conversation, so off to the logs we went.

The standard Cisco VPN rejected login syslog message looks like this ...

Read the full entry:

https://isc.sans.edu/diary/Got+MFA+If+not+Now+is+the+Time/30926/

Microsoft May 2024 Patch Tuesday

Published: 2024-05-14

Last Updated: 2024-05-14 17:28:16 UTC

by Renato Marinho (Version: 1)

This month we got patches for 67 vulnerabilities. Of these, 1 is critical, and 1 is being exploited according to Microsoft.

The critical vulnerability is a Remote Code Execution (RCE) affecting the Microsoft SharePoint Server (CVE-2024-30044). According to the advisory, an authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server. The CVSS for the vulnerability is 8.8.

The zero-day vulnerability is an elevation of privilege on Windows DWM (Desktop Windows Management) Core Library (CVE-2024-30051). According to the advisory, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The CVSS for the vulnerability is 7.8.

There is an important vulnerability affecting MinGit software (CVE-2024-32002), used by Microsoft Visual Studio, caused by an improper limitation of a pathname to a restricted directory ('Path Traversal') making it susceptible to Remote Code Execution. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. The CVSS for the vulnerability is 9.0 – the highest for this month.

See the full list of patches ...

Read the full entry:

https://isc.sans.edu/diary/Microsoft+May+2024+Patch+Tuesday/30920/

Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated.

Published: 2024-05-14

Last Updated: 2024-05-14 01:43:19 UTC

by Johannes Ullrich (Version: 1)

Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296, is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS ...

Read the full entry:

https://isc.sans.edu/diary/Apple+Patches+Everything+macOS+iOS+iPadOS+watchOS+tvOS+updated/30916/

Internet Storm Center Entries

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability

Product: Microsoft Windows DWM Core Library

CVSS Score: 7.8

** KEV since 2024-05-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30051

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051

CVE-2024-32002 - Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Product: Git

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32002

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32002

NVD References:

- https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt

- https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks

- https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d

- https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

CVE-2024-4671 - Chromium: Use after free in Visuals

Product: Google Chrome

CVSS Score: 0

** KEV since 2024-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4671

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4671

NVD References:

- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html

- https://issues.chromium.org/issues/339266700

CVE-2024-4558 - Chromium: Use after free in ANGLE

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4558

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4558

NVD References:

- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html

- https://issues.chromium.org/issues/337766133

CVE-2024-4559 - Chromium: Heap buffer overflow in WebAudio

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4559

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4559

NVD References:

- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html

- https://issues.chromium.org/issues/331369797

CVE-2024-4331 - Chromium: Use after free in Picture In Picture

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4331

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4331

CVE-2024-4368 - Chromium: Use after free in Dawn

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4368

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4368

CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability

Product: Microsoft Windows MSHTML Platform

CVSS Score: 8.8

** KEV since 2024-05-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30040

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040

CVE-2024-21006 - Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to an easily exploitable flaw, allowing unauthenticated attackers to compromise critical data or gain complete access to all server data.

Product: Oracle WebLogic Server

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21006

ISC Podcast: https://isc.sans.edu/podcast/8972

CVE-2024-30044 - Microsoft SharePoint Server Remote Code Execution Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30044

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044

CVE-2024-32004 - GitHub: Remote Code Execution while cloning special-crafted local repositories

Product: GitHub

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32004

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32004

NVD References:

- https://git-scm.com/docs/git-clone

- https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8

- https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389

CVE-2024-34342 - react-pdf is vulnerable to unrestricted attacker-controlled JavaScript execution when loading malicious PDFs using PDF.js with `isEvalSupported` set to `true`, fixed in versions 7.7.3 and 8.0.2.

Product: react-pdf PDF.js

CVSS Score: 7.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34342

ISC Podcast: https://isc.sans.edu/podcast/8972

NVD References:

- https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6

- https://github.com/mozilla/pdf.js/pull/18015

- https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq

- https://github.com/wojtekmaj/react-pdf/commit/208f28dd47fe38c33ce4bac4205b2b0a0bb207fe

- https://github.com/wojtekmaj/react-pdf/commit/671e6eaa2e373e404040c13cc6b668fe39839cad

- https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4

CVE-2024-4393 - The Social Connect plugin for WordPress up to version 1.2 is vulnerable to authentication bypass due to insufficient verification on the OpenID server during social login, allowing unauthenticated attackers to login as any existing user on the site, including administrators, if they have the email access.

Product: WordPress Social Connect plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4393

NVD References:

- https://plugins.trac.wordpress.org/browser/social-connect/tags/1.2/openid/openid.php#L575

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve

CVE-2024-32980 - Spin versions prior to 2.4.3 allow for arbitrary host requests via the `Host` HTTP header in specifically configured applications using `self` requests without a specified URL authority.

Product: Spin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32980

NVD References:

- https://github.com/fermyon/spin/commit/b3db535c9edb72278d4db3a201f0ed214e561354

- https://github.com/fermyon/spin/security/advisories/GHSA-f3h7-gpjj-wcvh

CVE-2023-47709 - IBM Security Guardium versions 11.3, 11.4, 11.5, and 12.0 are vulnerable to remote code execution by an authenticated attacker via a specially crafted request (IBM X-Force ID: 271524).

Product: IBM Security Guardium

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47709

NVD References:

- https://exchange.xforce.ibmcloud.com/vulnerabilities/271524

- https://www.ibm.com/support/pages/node/7150840

CVE-2024-0087 - NVIDIA Triton Inference Server for Linux allows users to set the logging location to an arbitrary file, potentially leading to code execution and other security risks.

Product: NVIDIA Triton Inference Server

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0087

NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5535

CVE-2024-25641 - Cacti is vulnerable to an arbitrary file write exploit in versions prior to 1.2.27, allowing authenticated users to execute arbitrary PHP code via the "Package Import" feature.

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25641

NVD References:

- https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210

- https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88

CVE-2024-29895 - Cacti is vulnerable to a command injection issue on the 1.3.x DEV branch, allowing unauthenticated users to execute arbitrary commands on the server when PHP's `register_argc_argv` option is enabled.

Product: Cacti

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29895

NVD References:

- https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119

- https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d

- https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc

- https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m

CVE-2024-34340 - Cacti's vulnerability in `compat_password_verify` allows for a type juggling attack when comparing md5-hashed user input with the correct password in the database.

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34340

NVD References: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m

CVE-2024-28075 - The SolarWinds Access Rights Manager is vulnerable to Remote Code Execution, enabling authenticated users to exploit the service for malicious purposes.

Product: SolarWinds Access Rights Manager

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28075

NVD References:

- https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm

- s_center/arm/content/secure-your-arm-deployment.htm

- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075

CVE-2024-31377 - WP Photo Album Plus plugin allows for unrestricted upload of files with dangerous types, creating a security vulnerability in versions from n/a through 8.7.01.001.

Product: J.N. Breetvelt WP Photo Album Plus

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31377

NVD References: https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-7-01-001-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-32700 - Kognetiks Chatbot for WordPress chatbot-chatgpt allows unrestricted upload of files with dangerous types.

Product: Kognetiks Chatbot for WordPress

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32700

NVD References: https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-32735 - CyberPower PowerPanel Enterprise prior to v2.8.3 allows unauthenticated remote attackers to access PDNU REST APIs and compromise the application.

Product: CyberPower PowerPanel Enterprise

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32735

NVD References:

- https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote

- https://www.tenable.com/security/research/tra-2024-14

CVE-2024-32964 - Lobe Chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint.

Product: Lobe AI Lobe Chat

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32964

NVD References:

- https://github.com/lobehub/lobe-chat/commit/465665a735556669ee30446c7ea9049a20cc7c37

- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc

CVE-2024-34070 - Froxlor server administration software prior to version 2.1.9 is vulnerable to stored blind XSS, allowing unauthenticated users to inject malicious scripts in the loginname parameter and potentially gain full control over the application.

Product: Froxlor Application

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34070

NVD References:

- https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6

- https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53

CVE-2024-34359 - llama-cpp-python is vulnerable to remote code execution due to a server side template injection in the `Jinja2ChatFormatter` component.

Product: llama-cpp-python Llama

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34359

NVD References:

- https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df

- https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829

CVE-2024-34411 - Thomas Scholl canvasio3D Light is vulnerable to unrestricted file uploads of dangerous types, impacting versions from n/a through 2.5.0.

Product: Thomas Scholl canvasio3D Light

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34411

NVD References: https://patchstack.com/database/vulnerability/canvasio3d-light/wordpress-canvasio3d-light-plugin-2-5-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34416 - Pk Favicon Manager allows for unrestricted uploading of malicious files, posing a security risk from version n/a to 2.1.

Product: Pk Favicon Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34416

NVD References: https://patchstack.com/database/vulnerability/phpsword-favicon-manager/wordpress-pk-favicon-manager-plugin-2-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34440 - Jordy Meow AI Engine: ChatGPT Chatbot is vulnerable to unrestricted upload of dangerous file types, affecting versions n/a through 2.2.63.

Product: Jordy Meow AI Engine: ChatGPT Chatbot

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34440

NVD References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-2-63-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34555 - Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3.

Product: URBAN BASE Z-Downloads

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34555

NVD References: https://patchstack.com/database/vulnerability/z-downloads/wordpress-z-downloads-plugin-1-11-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34706 - Valtimo exposes the user's access token to `api.form.io` via the `x-jwt-token` header, allowing attackers to retrieve personal information or execute requests on behalf of the logged-in user due to misconfiguration of the Form.io component.

Product: Valtimo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34706

NVD References:

- https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/1aaba5ef5750dafebbc7476fb08bf2375a25f19e

- https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/8c2dbf2a41180d2b0358d878290e4d37168f0fb6

- https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/d65e05fd2784bd4a628778b34a5b79ce2f0cef8c

- https://github.com/valtimo-platform/valtimo-frontend-libraries/security/advisories/GHSA-xcp4-62vj-cq3r

CVE-2024-3070 - The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection through deserialization of untrusted input from the LastViewedPosts Cookie, potentially allowing unauthenticated attackers to inject a PHP Object and exploit the system.

Product: WPBeginner Last Viewed Posts plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3070

NVD References:

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3062246%40last-viewed-posts&new=3062246%40last-viewed-posts&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c5cc05-b147-46f6-aaa9-4c82aae1b544?source=cve

CVE-2024-3263 - YMS VIS Pro is vulnerable to unauthorized access due to weak password policies and an improper credential generation method, but has been addressed through authentication mechanism changes and additional security measures.

Product: YMS VIS Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3263

NVD References:

- https://remediata.com/blog/cve-2024-3263-improper-authentication-in-yms-vis-pro/

- https://www.svps.sk/vis/

CVE-2024-3806 - The Porto theme for WordPress is vulnerable to Local File Inclusion through the 'porto_ajax_posts' function, allowing unauthenticated attackers to execute arbitrary files and potentially access sensitive data.

Product: WordPress Porto theme

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3806

NVD References:

- https://themeforest.net/item/porto-responsive-wordpress-ecommerce-theme/9207399

- https://www.wordfence.com/threat-intel/vulnerabilities/id/98ccc604-79c6-4be9-acb0-23fc82a31dfa?source=cve

CVE-2024-4413 - The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection up to version 4.11.1, allowing unauthenticated attackers to inject a PHP Object and potentially access sensitive data.

Product: WordPress Hotel Booking Lite plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4413

NVD References:

- https://plugins.trac.wordpress.org/browser/motopress-hotel-booking-lite/trunk/includes/shortcodes/checkout-shortcode/step-checkout.php#L149

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3084187%40motopress-hotel-booking-lite%2Ftrunk&old=3081058%40motopress-hotel-booking-lite%2Ftrunk&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7f1283-a274-49a2-8bec-da178771b13a?source=cve

CVE-2024-4434 - The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to time-based SQL Injection in versions up to 4.2.6.5, allowing unauthenticated attackers to extract sensitive information from the database.

Product: LearnPress WordPress LMS Plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4434

NVD References:

- https://inky-knuckle-2c2.notion.site/Unauthenticated-SQLI-in-Learnpress-plugin-Latest-Version-4-2-6-5-a86fe63bcc7b4c9988802688211817fd?pvs=25

- https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/Databases/class-lp-course-db.php#L508

- https://plugins.trac.wordpress.org/changeset/3082204/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d64e1c6-1e25-4438-974d-b7da0979cc40?source=cve

CVE-2024-4560 - The Kognetiks Chatbot for WordPress plugin is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution on affected servers.

Product: Kognetiks Chatbot for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4560

NVD References:

- https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve

CVE-2024-4701 - A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

Product: Genie

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4701

NVD References: https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md

CVE-2024-4824 - School ERP Pro+Responsive 1.0 is vulnerable to SQL injection through the '/SchoolERP/office_admin/' index, allowing remote attackers to access database information.

Product: School ERP Pro+Responsive 1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4824

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution

CVE-2024-4825 - Agentejo Cockpit CMS v0.5.5 is vulnerable to arbitrary file uploads via a post request in the '/media/api' parameter, allowing attackers to compromise the server's infrastructure.

Product: Agentejo Cockpit CMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4825

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms

CVE-2024-22267 - VMware Workstation and Fusion are susceptible to a use-after-free vulnerability in the vbluetooth device, enabling local administrative users on a virtual machine to execute code as the VMX process on the host.

Product: VMware Workstation and Fusion

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22267

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

CVE-2024-27939 - RUGGEDCOM CROSSBOW (All versions < V5.5) allows unauthenticated users to upload arbitrary files, leading to potential arbitrary code execution by attackers.

Product: Siemens RUGGEDCOM CROSSBOW

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27939

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-916916.html

CVE-2024-30207 - SIMATIC RTLS Locating Manager (All versions < V3.0.1.1) uses symmetric cryptography with a hard-coded key, which can be exploited by an unauthenticated remote attacker to compromise communication confidentiality, integrity, and system availability.

Product: Siemens AG SIMATIC RTLS Locating Manager

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30207

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVE-2024-30209 - SIMATIC RTLS Locating Manager versions prior to V3.0.1.1 are vulnerable to unauthorized eavesdropping and modification of transmitted resources due to lack of cryptographic protection.

Product: Siemens SIMATIC RTLS Locating Manager

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30209

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVE-2024-33499 - SIMATIC RTLS Locating Manager (6GT2780-0DA00, 6GT2780-0DA10, 6GT2780-0DA20, 6GT2780-0DA30, 6GT2780-1EA10, 6GT2780-1EA20, 6GT2780-1EA30) allows a privileged attacker to escalate their privileges due to incorrect user management component permissions.

Product: Siemens SIMATIC RTLS Locating Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33499

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVE-2024-32740 - SIMATIC CN 4100 (All versions < V3.0) contains undocumented users and credentials which can be exploited by an attacker to compromise the device.

Product: Siemens SIMATIC CN 4100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32740

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-273900.html

CVE-2024-32741 - SIMATIC CN 4100 (All versions < V3.0) contains hard coded passwords for `root` and `GRUB`, allowing attackers to gain root access with a cracked password hash.

Product: Siemens SIMATIC CN 4100

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32741

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-273900.html

CVE-2024-33006 - Server is vulnerable to remote code execution due to unauthenticated attacker uploading malicious file that can compromise system.

Product: Not Enough Minions Secure File Upload Pro

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33006

NVD References:

- https://me.sap.com/notes/3448171

- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVE-2024-34716 - PrestaShop is vulnerable to a cross-site scripting (XSS) issue in versions prior to 8.1.6, which allows an attacker to upload a malicious file through the front-office contact form and gain unauthorized access to the admin's session and security token.

Product: PrestaShop

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34716

NVD References:

- https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78

CVE-2024-26238 - Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability

Product: Microsoft PLUGScheduler

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26238

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26238

CVE-2024-27107 - Weak account password in GE HealthCare EchoPAC products

Product: GE HealthCare EchoPAC

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27107

NVD References: https://securityupdate.gehealthcare.com/

CVE-2024-29994 - Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

Product: Microsoft Windows SCSI Class System File

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29994

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29994

CVE-2024-29996 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows Common Log File System Driver

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29996

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29996

CVE-2024-30006 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft WDAC OLE DB provider for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30006

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006

CVE-2024-30007 - Microsoft Brokering File System Elevation of Privilege Vulnerability

Product: Microsoft Brokering File System

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30007

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30007

CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022 through CVE-2024-30024, CVE-2024-30029 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities

Product: Microsoft Windows Routing and Remote Access Service (RRAS)

CVSS Scores: 7.5 - 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30009

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30014

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30015

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30022

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30023

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30024

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30029

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30014

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30015

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30022

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30023

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029

CVE-2024-30010 & CVE-2024-30017 - Windows Hyper-V Remote Code Execution Vulnerabilities

Product: Microsoft Windows Hyper-V

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30010

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30017

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30010

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30017

CVE-2024-30018 - Windows Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows Kernel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30018

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30018

CVE-2024-30020 - Windows Cryptographic Services Remote Code Execution Vulnerability

Product: Microsoft Windows Cryptographic Services

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30020

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30020

CVE-2024-30025 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows Common Log File System Driver

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30025

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30025

CVE-2024-30027 - NTFS Elevation of Privilege Vulnerability

Product: Microsoft NTFS

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30027

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30027

CVE-2024-30028, CVE-2024-30030, & CVE-2024-30038 - Win32k Elevation of Privilege Vulnerabilities

Product: Microsoft Win32k

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30028

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30030

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30038

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30028

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30030

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30038

CVE-2024-30049 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Product: Microsoft Windows Win32 Kernel Subsystem

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30049

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049

CVE-2024-30031 - Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Product: Microsoft Windows CNG Key Isolation Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30031

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30031

CVE-2024-30032 & CVE-2024-30035 - Windows DWM Core Library Elevation of Privilege Vulnerabilities

Product: Microsoft Windows DWM Core Library

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30032

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30035

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30032

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30035

CVE-2024-30033 - Windows Search Service Elevation of Privilege Vulnerability

Product: Microsoft Windows Search Service

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30033

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033

CVE-2024-30037 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows Common Log File System Driver

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30037

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037

CVE-2024-30042 - Microsoft Excel Remote Code Execution Vulnerability

Product: Microsoft Excel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30042

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30042

CVE-2024-30047 & CVE-2024-30048 - Dynamics 365 Customer Insights Spoofing Vulnerabilities

Product: Microsoft Dynamics 365 Customer Insights

CVSS Score: 7.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30047

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30048

ISC Diary: https://isc.sans.edu/diary/30920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30047

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30048

CVE-2024-31466 - Aruba's CLI service is vulnerable to buffer overflow issues via specially crafted packets, potentially allowing unauthenticated remote code execution.

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31466

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31467 - Aruba's CLI service is vulnerable to buffer overflow issues via specially crafted packets, potentially allowing unauthenticated remote code execution.

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31467

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31468 - Aruba's Central Communications service is vulnerable to buffer overflow attacks via specially crafted packets sent to the PAPI UDP port, allowing for unauthenticated remote code execution as a privileged user.

Product: Aruba Networks Central Communications Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31468

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31469 - Aruba's Central Communications service is vulnerable to buffer overflow attacks via specially crafted packets sent to the PAPI UDP port, allowing for unauthenticated remote code execution as a privileged user.

Product: Aruba Networks Central Communications Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31469

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31470 - Aruba's SAE service is vulnerable to a buffer overflow flaw that allows unauthenticated remote attackers to execute arbitrary code on the underlying operating system.

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31470

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31471 - Aruba's Central Communications service is vulnerable to unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211).

Product: Aruba Networks Central Communications Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31471

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31473 - Aruba's deauthentication service is vulnerable to command injection, allowing unauthenticated remote code execution by sending malicious packets to the PAPI UDP port (8211).

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31473

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31472 - Soft AP Daemon service has command injection vulnerabilities that allow unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211), enabling arbitrary code execution as a privileged user on the underlying operating system.

Product: Aruba Networks Soft AP Daemon

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31472

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-32888 - The Amazon JDBC Driver for Redshift, in versions prior to 2.1.0.28, is vulnerable to SQL injection when the non-default connection property `preferQueryMode=simple` is used.

Product: Amazon JDBC Driver for Redshift

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32888

NVD References:

- https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319

- https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339

- https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d

- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm

- https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56

CVE-2024-4893 - DigiWin EasyFlow .NET is susceptible to SQL injection attacks due to inadequate input parameter validation, potentially leading to unauthorized database access and command execution by remote hackers.

Product: DigiWin EasyFlow .NET

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4893

NVD References:

- https://www.twcert.org.tw/en/cp-139-7801-67d07-2.html

- https://www.twcert.org.tw/tw/cp-132-7800-843f1-1.html

The following vulnerability needs a manual review:

CVE-2024-23296 - Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Product: Multiple Apple products

CVSS Score: N/A

** KEV since 2024-03-06 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23296

ISC Diary: https://isc.sans.edu/diary/30916

ISC Podcast: https://isc.sans.edu/podcastdetail/8980

NVD References:

- https://support.apple.com/en-us/HT214081

- https://support.apple.com/en-us/HT214084

- https://support.apple.com/en-us/HT214086

- https://support.apple.com/en-us/HT214087

- https://support.apple.com/en-us/HT214088