Internet Storm Center Spotlight


INTERNET STORM CENTER SPOTLIGHT

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft Patch Tuesday June 2024
Published: 2024-06-11
Last Updated: 2024-06-11 19:06:06 UTC
by Johannes Ullrich (Version: 1)

Microsoft's June 2024 update fixes a total of 58 vulnerabilities. Seven of these vulnerabilities are associated with Chromium and Microsoft's Brave browser. Only one vulnerability is rated critical. One of the vulnerabilities had been disclosed before today.

Vulnerabilities of Interest:

CVE-2023-50868 NSEC closest encloser proof can exhaust CPU: This issue became public in February. It affects not only Microsoft's DNS implementations but several other DNS servers. The vulnerability was made public by researchers from several German universities and research labs. They called it "KEYTRAP" and released a paper with details ...

CVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability: MSMQ is the service that keeps on giving. The tricky part with MSMQ is that third party software often uses it. MSMQ usually listens on port 1801/TCP. We do see a good amount of "background hum" on port 1801, and I do not see a good reason to expose it to the internet.

Read the full entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2024/31000/


Attacker Probing for New PHP Vulnerability CVE-2024-4577
Published: 2024-06-09
Last Updated: 2024-06-09 21:03:28 UTC
by Johannes Ullrich (Version: 1)

Our honeypots have detected the first probes for CVE-2024-4577. This vulnerability was originally discovered by Orange Tsai on Friday (June 7th). watchTowr Labs followed up with a detailed blog post and a proof of concept exploit.

watchTowr Labs says PHP is only vulnerable if used in CGI mode in Chinese and Japanese locales. According to Orange Tsai, other locales may be vulnerable as well.

In CGI mode on Windows, the web server will execute "php.exe" and pass user-supplied parameters as command line or environment variables. This may potentially lead to OS command injection, a vulnerability I just covered last week in a video.

As parameters are passed from Apache to the command line, Apache will escape hyphens and render them harmless. However, an attacker may provide a "soft hyphen" (Unicode code point 0x00AD). PHP performs "best fit mapping" on characters passed on the command line, translating it to a dash. This allows an attacker to bypass the Apache escape process and inject dashes. With that, an attacker can supply command line arguments to php.exe. A possible choice outlined by watchTowr is ...
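As an added illustration (not code from the ISC diary or from watchTowr), here is a small Python checker, written from the defender's side, that parses Apache-style access-log lines and flags any request target carrying a soft hyphen (U+00AD), whether it arrives raw, percent-encoded as a single byte (%AD) or UTF-8 encoded (%C2%AD). The log lines, client addresses and query strings are constructed for the example, and the common Apache log layout is an assumption; adjust the pattern for other formats.

```python
# Added example (not from the ISC diary): flag access-log requests whose
# request target carries a soft hyphen (U+00AD). Sample log lines are constructed.
import re
from urllib.parse import unquote_to_bytes

SOFT_HYPHEN = "\u00ad"

# Apache "common" log layout (an assumption); only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def decoded_target(target: str) -> str:
    """Percent-decode a request target without losing the soft hyphen.

    The character can appear raw, as %C2%AD (UTF-8) or as %AD (single byte).
    unquote_to_bytes keeps the raw bytes; we try UTF-8 first and fall back to
    Latin-1 so a lone 0xAD byte still decodes to U+00AD instead of raising.
    """
    raw = unquote_to_bytes(target)
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def has_soft_hyphen(target: str) -> bool:
    """True if the decoded request target contains U+00AD anywhere."""
    return SOFT_HYPHEN in decoded_target(target)


def scan_log(lines):
    """Return (client ip, raw target) for each parseable line carrying a soft hyphen."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not in the expected layout; skip rather than guess
        if has_soft_hyphen(m["target"]):
            hits.append((m["ip"], m["target"]))
    return hits


# Constructed sample log: two probe-style requests (one per encoding) and two
# ordinary requests. "placeholder" stands in for whatever followed the soft hyphen.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2024:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Jun/2024:10:00:02 +0000] "POST /index.php?%ADplaceholder HTTP/1.1" 200 1024',
    '203.0.113.9 - - [09/Jun/2024:10:00:03 +0000] "GET /cgi-bin/index.php?%C2%ADplaceholder HTTP/1.1" 404 231',
    '203.0.113.11 - - [09/Jun/2024:10:00:04 +0000] "GET /index.php?id=5-3 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"soft hyphen in request from {ip}: {target!r}")
```

An ordinary ASCII hyphen in a query string (the last sample line) is not flagged, because Apache already escapes it; only the soft hyphen that best-fit mapping later turns into a dash is of interest. A hit indicates probing for this injection primitive, not a confirmed compromise, and the check is a stopgap for visibility: the fix remains updating PHP to the releases listed in the ChangeLog links in this issue.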

Read the full entry:
https://isc.sans.edu/diary/Attacker+Probing+for+New+PHP+Vulnerablity+CVE20244577/30994/


Brute Force Attacks Against Watchguard VPN Endpoints
Published: 2024-06-05
Last Updated: 2024-06-05 14:05:58 UTC
by Johannes Ullrich (Version: 1)

If you have a pulse and work in information security (or are a new scraping script without a pulse), you have probably seen reports of attacks against VPN endpoints. Running any VPN without strong authentication has been negligent for years, but in recent times, ransomware gangs, in particular, picked them off pretty quickly.

One of our honeypots just saw an attacker move through, attempting to brute force a Watchguard firewall VPN. I haven't seen much written about Watchguard lately, so I figured this may be a good reminder. The requests I was seeing against one honeypot in particular ...

Read the full entry:
https://isc.sans.edu/diary/Brute+Force+Attacks+Against+Watchguard+VPN+Endpoints/30984/

Internet Storm Center Entries


Finding End of Support Dates: UK PTSI Regulation (2024.06.07) https://isc.sans.edu/diary/Finding+End+of+Support+Dates+UK+PTSI+Regulation/30992/

Malicious Python Script with a "Best Before" Date (2024.06.06) https://isc.sans.edu/diary/Malicious+Python+Script+with+a+Best+Before+Date/30988/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.


CVE-2024-4577 - PHP versions 8.1.*, 8.2.*, and 8.3.* on Windows using Apache and PHP-CGI are vulnerable to character substitution leading to potential source code exposure and arbitrary code execution.
Product: PHP
CVSS Score: 9.8
** KEV since 2024-06-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4577
ISC Diary: https://isc.sans.edu/diary/30994
ISC Podcast: https://isc.sans.edu/podcastdetail/9016
NVD References:
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
- https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
- https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
- https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
- https://github.com/11whoami99/CVE-2024-4577
- https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
- https://github.com/rapid7/metasploit-framework/pull/19247
- https://github.com/watchtowrlabs/CVE-2024-4577
- https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
- https://www.php.net/ChangeLog-8.php#8.1.29
- https://www.php.net/ChangeLog-8.php#8.2.20
- https://www.php.net/ChangeLog-8.php#8.3.8


CVE-2024-30080 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Product: Microsoft Message Queuing (MSMQ)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30080
ISC Diary: https://isc.sans.edu/diary/31000
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080


CVE-2024-29849 - Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
Product: Veeam Backup Enterprise Manager
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29849
ISC Podcast: https://isc.sans.edu/podcastdetail/9018


CVE-2024-4610 - Arm Ltd Bifrost and Valhall GPU Kernel Drivers from r34p0 through r40p0 allow local non-privileged users to access already freed memory through improper GPU memory processing operations.
Product: Arm Bifrost Gpu Kernel Driver
CVSS Score: 5.5
** KEV since 2024-06-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4610
NVD References: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities


CVE-2024-29972 & CVE-2024-29973 - Zyxel NAS326 and NAS542 are vulnerable to command injection
Product: Zyxel NAS326
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29972
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29973
NVD References:
- https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024


CVE-2024-29974 - Zyxel NAS326 and NAS542 are vulnerable to remote code execution via crafted configuration file uploads.
Product: Zyxel NAS326
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29974
NVD References:
- https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024


CVE-2024-4552 - The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass through social login, allowing unauthenticated attackers to log in as any existing user on the site, up to version 1.6.0.
Product: WordPress Social Login Lite For WooCommerce plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4552
NVD References:
- https://plugins.trac.wordpress.org/browser/social-login-lite-for-woocommerce/tags/1.6.0/woocommerce_social_login.php#L499
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=cve


CVE-2023-33930 - Unlimited Elements For Elementor (Free Widgets, Addons, Templates) before version 1.5.66 allows Code Injection through unrestricted upload of dangerous file types.
Product: Unlimited Elements For Elementor
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33930
NVD References: https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-66-unrestricted-zip-extraction-vulnerability?_s_id=cve


CVE-2024-25600 - Bricks Builder by Codeer Limited is vulnerable to Code Injection from versions n/a through 1.9.6.
Product: Codeer Limited Bricks Builder
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25600
NVD References:
- https://github.com/Chocapikk/CVE-2024-25600
- https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT
- https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve
- https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve
- https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6


CVE-2024-33560 - XStore is vulnerable to improper limitation of a pathname, allowing PHP local file inclusion from n/a through 9.3.8.
Product: 8theme XStore
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33560
NVD References: https://patchstack.com/database/vulnerability/xstore/wordpress-xstore-theme-9-3-5-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve


CVE-2024-34551 - Stockholm: from n/a through 9.6 is vulnerable to a Path Traversal issue allowing PHP Local File Inclusion.
Product: Select-Themes Stockholm
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34551
NVD References: https://patchstack.com/database/vulnerability/stockholm/wordpress-stockholm-theme-9-6-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve


CVE-2024-35629 - Wow-Company Easy Digital Downloads – Recent Purchases is vulnerable to PHP Remote File Inclusion due to improper control of filename for include/require statement.
Product: Wow-Company Easy Digital Downloads
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35629
NVD References: https://patchstack.com/database/vulnerability/edd-recent-purchases/wordpress-easy-digital-downloads-recent-purchases-plugin-1-0-2-remote-file-inclusion-vulnerability?_s_id=cve


CVE-2024-35700 - Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation. This issue affects Userpro: from n/a through 5.1.8.
Product: Userpro plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35700
NVD References: https://patchstack.com/database/vulnerability/userpro/wordpress-userpro-plugin-5-1-8-unauthenticated-account-takeover-vulnerability?_s_id=cve


CVE-2024-36400 - Nano-id is a unique string ID generator for Rust that incorrectly generated IDs with a reduced character set, leading to predictability and vulnerability in security-sensitive contexts.
Product: Viz Nano ID
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36400
NVD References:
- https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23
- https://github.com/viz-rs/nano-id/security/advisories/GHSA-9hc7-6w9r-wj94


CVE-2024-35670 - Broken Authentication vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.93.
Product: Softlab Integrate Google Drive
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35670
NVD References: https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-93-broken-access-control-vulnerability?_s_id=cve


CVE-2024-35672 - Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.16.
Product: Netgsm
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35672
NVD References: https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-9-16-broken-access-control-vulnerability-2?_s_id=cve


CVE-2024-36604 - Tenda O3V2 v1.0.0.12(3880) is vulnerable to Blind Command Injection via stpEn parameter, enabling attackers to run arbitrary codes as root.
Product: Tenda O3V2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36604
NVD References: https://exzettabyte.me/blind-command-injection-in-stp-service-on-tenda-o3v2/


CVE-2024-36858 & CVE-2024-37273 - Jan v0.4.12 is vulnerable to arbitrary file upload flaws
Product: Homebrew Jan
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36858
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37273
NVD References: https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability


CVE-2024-28103 - Action Pack does not properly handle the application configurable Permissions-Policy in non-HTML responses, leading to a vulnerability in versions prior to 6.1.7.8, 7.0.8.2, and 7.1.3.3.
Product: Rubyonrails Rails
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28103
NVD References:
- https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
- https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7


CVE-2024-4219 - BeyondInsight is vulnerable to server-side request forgery prior to version 23.2 via HTTP-based connectors.
Product: BeyondTrust BeyondInsight
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4219
NVD References: https://www.beyondtrust.com/trust-center/security-advisories/BT24-05


CVE-2024-36121 - Netty-incubator-codec-ohttp is vulnerable to an encryption nonce repetition attack due to errors in the BoringSSLAEADContext implementation.
Product: Netty-Incubator-Codec-Ohttp
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36121
NVD References:
- https://github.com/netty/netty-incubator-codec-ohttp/blob/1ddadb6473cd3be5491d114431ed4c1a9f316001/codec-ohttp-hpke-classes-boringssl/src/main/java/io/netty/incubator/codec/hpke/boringssl/BoringSSLAEADContext.java#L112-L114
- https://github.com/netty/netty-incubator-codec-ohttp/security/advisories/GHSA-g762-h86w-8749


CVE-2024-36675 - LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
Product: Lylme Spage
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36675
NVD References: https://github.com/LyLme/lylme_spage/issues/92


CVE-2024-5635 & CVE-2024-5636 - itsourcecode Bakery Online Ordering System 1.0 is vulnerable to critical SQL injection attacks
Product: Bakery Online Ordering System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5635
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5636
NVD References:
- https://github.com/L1OudFd8cl09/CVE/blob/main/03_06_2024_a.md
- https://vuldb.com/?ctiid.267091
- https://vuldb.com/?ctiid.267092
- https://vuldb.com/?id.267091
- https://vuldb.com/?id.267092
- https://vuldb.com/?submit.349244
- https://vuldb.com/?submit.349247


CVE-2024-5262 - ProjectDiscovery Interactsh's smb server vulnerability allows remote attackers to access files or directories and read/write any contents in the directory and subdirectories where interactsh-server is located through anonymous login.
Product: ProjectDiscovery Interactsh
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5262
NVD References:
- https://github.com/projectdiscovery/interactsh/pull/874
- https://zuso.ai/advisory/za-2024-01


CVE-2024-4295 - The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection in versions up to 5.7.20, allowing unauthenticated attackers to extract sensitive information from the database.
Product: Email Subscribers by Icegram Express plugin for WordPress
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4295
NVD References:
- https://plugins.trac.wordpress.org/changeset/3090845/email-subscribers/trunk/lite/includes/db/class-es-db-lists-contacts.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve


CVE-2024-5526 - Grafana OnCall versions 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) issue in the webhook functionality, which was resolved in version 1.5.2.
Product: Grafana OnCall
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5526
NVD References: https://grafana.com/security/security-advisories/cve-2024-5526/


CVE-2024-4008 - ABB, Busch-Jaeger, FTS Display, and BCU have a vulnerability that allows attackers to take control through access to the local KNX Bus-System.
Product: ABB Busch-Jaeger
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4008
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch


CVE-2024-4009 - ABB, Busch-Jaeger, FTS Display and BCU have a vulnerability that allows attackers to capture and replay KNX telegram on the local KNX Bus-System.
Product: ABB Busch-Jaeger
CVSS Score: 9.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4009
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch


CVE-2024-5153 - The Startklar Elementor Addons plugin for WordPress up to 1.7.15 allows unauthenticated attackers to copy and delete files on the server via a Directory Traversal vulnerability in the 'dropzone_hash' parameter.
Product: Startklar Elementor Addons plugin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5153
NVD References:
- https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/widgets/dropzone_form_field.php#L334
- https://www.wordfence.com/threat-intel/vulnerabilities/id/baa20290-9c01-4f8d-adeb-fbfb15b9d6a9?source=cve


CVE-2024-4177 - GravityZone Update Server is susceptible to a server-side request forgery due to a host whitelist parser issue, impacting versions before 6.38.1-2 running on premise.
Product: Bitdefender GravityZone
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4177
NVD References:
- https://bitdefender.com/consumer/support/support/security-advisories/host-whitelist-parser-issue-in-gravityzone-console-on-premise-va-11554/
- https://www.cve.org/CVERecord?id=CVE-2024-4177


CVE-2024-36393 - SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product: SysAid
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36393
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories


CVE-2024-36394 - SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product: SysAid
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36394
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories


CVE-2024-36779 - Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
Product: Stock Management System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36779
NVD References: https://github.com/CveSecLook/cve/issues/42


CVE-2024-5675 - Mentor - Employee Portal version 3.83.35 is vulnerable to data deserialization attacks, enabling malicious code execution via injection into the "ViewState" field.
Product: Summar Mentor
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5675
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/unreliable-data-deserialization-vulnerability-mentor


CVE-2024-3592 - The Quiz And Survey Master plugin for WordPress is vulnerable to SQL Injection through the 'question_id' parameter, allowing authenticated attackers to access sensitive data in versions up to 9.0.1.
Product: Quiz and Survey Master Best Quiz, Exam and Survey Plugin for WordPress
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3592
NVD References:
- https://plugins.trac.wordpress.org/changeset/3097878/quiz-master-next/trunk/php/admin/options-page-questions-tab.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve


CVE-2024-5732 - Clash up to 0.20.1 on Windows is vulnerable to improper authentication due to a critical flaw in the Proxy Port component.
Product: Clash for Windows
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5732
NVD References:
- https://github.com/GTA12138/vul/blob/main/clash%20for%20windows.md
- https://vuldb.com/?ctiid.267406
- https://vuldb.com/?id.267406
- https://vuldb.com/?submit.345469


CVE-2024-5733 - itsourcecode Online Discussion Forum 1.0 is vulnerable to a critical SQL injection flaw in register_me.php due to inadequate processing of the eaddress argument, allowing for remote exploitation with a publicly disclosed exploit (VDB-267407).
Product: itsourcecode Online Discussion Forum 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5733
NVD References:
- https://github.com/kingshao0312/cve/issues/1
- https://vuldb.com/?ctiid.267407
- https://vuldb.com/?id.267407
- https://vuldb.com/?submit.351115


CVE-2024-36673 - Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection in login.php due to insufficient input validation, enabling unauthorized users to inject harmful SQL queries.
Product: Pharmacy/Medical Store Point Of Sale System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36673
NVD References: https://github.com/CveSecLook/cve/issues/39


CVE-2024-31244 - Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge from n/a through 2.0.17.
Product: Bricksforge
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31244
NVD References: https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve


CVE-2024-33565 - UkrSolution Barcode Scanner with Inventory & Order Manager is vulnerable to Missing Authorization from n/a through 1.5.3.
Product: UkrSolution Barcode Scanner with Inventory & Order Manager
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33565
NVD References: https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-broken-access-control-vulnerability?_s_id=cve


CVE-2024-34762 - WPENGINE INC Advanced Custom Fields PRO is vulnerable to Path Traversal and PHP Local File Inclusion due to improper limitation of a pathname discovered during a security audit.
Product: WPENGINE INC Advanced Custom Fields PRO
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34762
NVD References: https://patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-2-10-contributor-local-file-inclusion-vulnerability?_s_id=cve


CVE-2024-35677 - MegaMenu by StylemixThemes allows PHP Local File Inclusion via Path Traversal, impacting versions up to 2.3.12.
Product: StylemixThemes MegaMenu
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35677
NVD References: https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve


CVE-2024-37051 - IntelliJ IDEA versions prior to 2023.1.7 may expose GitHub access token to third-party sites in JetBrains IDEs.
Product: JetBrains: All JetBrains IDEs
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37051
NVD References: https://www.jetbrains.com/privacy-security/issues-fixed/


CVE-2024-35746 - BuddyPress Cover has a vulnerability that allows code injection through unrestricted file uploads of dangerous types.
Product: Asghar Hatampoor BuddyPress Cover
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35746
NVD References: https://patchstack.com/database/vulnerability/bp-cover/wordpress-buddypress-cover-plugin-2-1-4-2-arbitrary-file-upload-vulnerability?_s_id=cve


CVE-2024-36408 through CVE-2024-36412 - SuiteCRM SQL Injection vulnerabilities
Product: SuiteCRM
CVSS Scores: 9.6 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36408
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36409
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36410
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36411
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36412
NVD References:
- https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-2g8f-gjrr-x5cg
- https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f
- https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq
- https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-9rvr-mcrf-p4p7
- https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-xjx2-38hv-5hh8


CVE-2024-36415 - SuiteCRM is vulnerable to remote code execution due to a flaw in uploaded file verification prior to versions 7.14.4 and 8.6.1.
Product: SuiteCRM
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36415
NVD References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh


CVE-2024-3549 - The Blog2Social plugin for WordPress is vulnerable to SQL Injection, allowing authenticated attackers to extract sensitive data from the database.
Product: Blog2Social Social Media Auto Post & Scheduler
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3549
NVD References:
- https://plugins.trac.wordpress.org/changeset/3069574/blog2social/trunk/includes/B2S/Post/Item.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=cve


CVE-2024-36266 - PowerSys (All versions < V3.11) is vulnerable to authentication bypass, potentially granting local attackers administrative privileges on managed remote devices.
Product: Power Measurement PowerSys
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36266
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-024584.html


CVE-2024-2012 & CVE-2024-2013 - FOXMAN-UN/UNEM server/API Gateway component authentication bypass vulnerabilities
Product: FOXMAN-UN/UNEM server/API Gateway
CVSS Scores: 9.1 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2013
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2012
NVD References: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true


CVE-2024-35213 - QNX SDP versions 6.6, 7.0, and 7.1 are vulnerable to improper input validation in the SGI Image Codec, potentially enabling a denial-of-service attack or code execution by an attacker.
Product: QNX SDP
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35213
NVD References: https://support.blackberry.com/pkb/s/article/139914


CVE-2024-37301 - Document Merge Service is vulnerable to remote code execution via server-side template injection in versions 6.5.1 and prior, allowing for full system takeover with no available patch or workaround.
Product: Fossun Document Merge Service
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37301
NVD References: https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6


CVE-2024-35225 - Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them, with versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 vulnerable to a reflected cross-site scripting (XSS) issue in the `/proxy` endpoint.
Product: Jupyter Server Proxy
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35225
NVD References:
- https://github.com/jupyterhub/jupyter-server-proxy/blob/62a290f08750f7ae55a0c29ca339c9a39a7b2a7b/jupyter_server_proxy/handlers.py#L328
- https://github.com/jupyterhub/jupyter-server-proxy/commit/7abc9dc5bbb0b4b440548a5375261b8b8192fc22
- https://github.com/jupyterhub/jupyter-server-proxy/commit/ff78128087e73fb9d0909e1366f8bf051e8ea878
- https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-fvcq-4x64-hqxr


CVE-2023-50868 - The Closest Encloser Proof aspect of the DNS protocol allows remote attackers to cause a denial of service by consuming CPU for SHA-1 computations in a random subdomain attack.
Product: No vendor name or vulnerable product is mentioned in the given vulnerability description.
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50868
ISC Diary: https://isc.sans.edu/diary/31000