SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday July 2024
Published: 2024-07-09
Last Updated: 2024-07-09 17:35:23 UTC
by Johannes Ullrich (Version: 1)
Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as "critical". There are two vulnerabilities that have already been discussed and two that have already been exploited.
Noteworthy Vulnerabilities:
CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability (exploited vulnerability)
An attacker can obtain SYSTEM privilege by exploiting this integer overflow.
CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability
I haven't seen any details disclosed yet. However, these vulnerabilities typically make it difficult to identify the nature and origin of an attachment. A victim may be tricked into opening a malicious attachment, leading to code execution. There have been numerous similar vulnerabilities in the past.
CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability (disclosed vulnerability)
The CVSS score for this vulnerability is 8.1. It is not considered critical. The vulnerability is exploited by closing an HTTP/3 connection while the body is still being processed. The attacker must take advantage of a race condition to execute code.
CVE-2024-37985: Systematic Identification and Characterization of Proprietary Prefetchers (disclosed vulnerability)
This vulnerability only affects ARM systems. An attacker would be able to view privileged heap memory.
CVE-2024-38074, CVE-2024-38076, CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Three of the four critical vulnerabilities affect the RDP Licensing Service. Watch out for PoC exploits for this vulnerability.
CVE-2024-38060: Windows Imaging Component Remote Code Execution Vulnerability
The WIC is the Windows framework used to parse images and related metadata. To trigger the vulnerability, an authenticated attacker must upload a TIFF image to a server.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+July+2024/31058/
SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
Published: 2024-07-01
Last Updated: 2024-07-01 17:01:32 UTC
by Johannes Ullrich (Version: 1)
Qualys published a blog post with details regarding a critical remote code execution vulnerability.
This week is far from ideal to have to deal with a critical vulnerability in widely used software like OpenSSH. So I want to save you some time by summarizing the most important points in a very brief post:
The CVEs associated with this vulnerability are CVE-2006-5051 and CVE-2024-6387.
The reason for the two CVE numbers and the use of the old 2006 CVE number is that this is a regression: an old vulnerability that came back. Sadly, this happens somewhat regularly (not with OpenSSH, but software in general) if developers do not add tests to ensure the vulnerability is patched in future versions. Missing comments are another reason for these regressions. A developer may remove a test they consider unnecessary.
The vulnerability does allow arbitrary remote code execution without authentication.
OpenSSH versions up to 4.4p1 are vulnerable to CVE-2006-5051.
OpenSSH versions from 8.5p1 to 9.8p1 are vulnerable to CVE-2024-6387 (9.8p1 is the patched version).
Remember that many Linux distributions will not increase version numbers if they are backporting a patch.
This is a timing issue, and exploitation is not easily reproducible but takes about 10,000 attempts on x86 (32-bit).
The speed of exploitation is limited by the MaxStartups and LoginGraceTime settings.
Exploitation for AMD64 does not appear to be practical at this time.
Most Linux systems are currently running on 64-bit architectures. However, this could be a big deal for legacy systems / IoT systems in particular if no more patches are available. Limiting the rate of new connections using a network firewall may make exploitation less likely in these cases. First of all, a patch should be applied. But if no patch is available, port knocking, moving the server to an odd port or allowlisting specific IPs may be an option.
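The version ranges and the two rate-limiting settings above can be turned into a quick inventory triage. The following is an added example, not code from the diary or from OpenSSH: the host names, banners and `sshd -T` text are constructed, the range ends are read as "before 4.4" and "before 9.8", and the time estimate assumes each attempt holds one connection slot for the full LoginGraceTime.

```python
"""Triage OpenSSH version strings against the ranges in the summary above.

Added example; every sample value below is constructed.
"""
import re
from typing import NamedTuple, Optional

# Ranges from the summary. Assumption: "up to 4.4p1" is read as "before 4.4"
# and "to 9.8p1" as "before 9.8", because 9.8p1 is the patched release.
RANGES = [
    ((0, 0), (4, 4), "CVE-2006-5051"),
    ((8, 5), (9, 8), "CVE-2024-6387"),
]
ATTEMPTS_NEEDED = 10_000  # "about 10,000 attempts on x86 (32-bit)"

# Matches network banners ("SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6") and
# `ssh -V` text ("OpenSSH_9.6p1, OpenSSL ..."); group 3 is the vendor tag.
VERSION_RE = re.compile(
    r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p\d+)?(?:[ \t]+([^\s,]+))?"
)


class Verdict(NamedTuple):
    version: Optional[tuple]  # (major, minor); None if not an OpenSSH string
    cve: Optional[str]        # CVE whose version range matches, if any
    vendor: Optional[str]     # distribution build tag, if the string has one
    verify_package: bool      # in range, but a backported fix is plausible


def classify(banner: str) -> Verdict:
    m = VERSION_RE.search(banner)
    if not m:
        return Verdict(None, None, None, False)
    version = (int(m.group(1)), int(m.group(2)))
    vendor = m.group(3)
    cve = next((c for lo, hi, c in RANGES if lo <= version < hi), None)
    # Distributions backport fixes without bumping the upstream number, so a
    # vendor-tagged build in range needs a package changelog check. Untagged
    # builds can be distribution builds too; the tag is only a hint.
    return Verdict(version, cve, vendor, cve is not None and vendor is not None)


def triage(banners: dict) -> dict:
    """Map host -> Verdict for an inventory of collected version strings."""
    return {host: classify(text) for host, text in banners.items()}


def hours_for_attempts(sshd_t_output: str,
                       attempts: int = ATTEMPTS_NEEDED) -> Optional[float]:
    """Rough time needed for `attempts` connections under the effective config.

    Simplifying assumption: every attempt occupies one unauthenticated
    connection slot for the whole LoginGraceTime, and at most the "full"
    value of MaxStartups (start:rate:full) such slots exist at once.
    """
    settings = {}
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        settings[key.lower()] = value.strip()
    grace = int(settings.get("logingracetime", "120"))       # seconds
    full = int(settings.get("maxstartups", "10:30:100").split(":")[-1])
    if grace == 0 or full == 0:
        return None  # no grace timer or no slots: this model does not apply
    per_hour = full * 3600 / grace
    return attempts / per_hour


# Constructed inventory: host -> banner or `ssh -V` output.
SAMPLE_BANNERS = {
    "legacy-router": "SSH-2.0-OpenSSH_4.3",
    "web01": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    "db01": "SSH-2.0-OpenSSH_7.4",
    "build01": "OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024",
    "bastion": "SSH-2.0-OpenSSH_9.8p1 Debian-2",
    "cam07": "SSH-2.0-dropbear_2022.83",
}
# Constructed excerpt of `sshd -T` output (effective configuration).
SAMPLE_SSHD_T = "port 22\nlogingracetime 120\nmaxstartups 10:30:100\n"

if __name__ == "__main__":
    for host, v in triage(SAMPLE_BANNERS).items():
        if v.version is None:
            print(f"{host}: not an OpenSSH version string")
        elif v.cve is None:
            print(f"{host}: {v.version} outside the listed ranges")
        else:
            note = " (check package changelog for a backport)" if v.verify_package else ""
            print(f"{host}: {v.version} in range for {v.cve}{note}")
    hours = hours_for_attempts(SAMPLE_SSHD_T)
    print(f"~{hours:.1f} h for {ATTEMPTS_NEEDED} attempts at these settings")
```

A lower MaxStartups or a firewall connection-rate limit lengthens the estimate, which matches the mitigation advice in the paragraph above.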
Read the full entry:
https://isc.sans.edu/diary/SSH+regreSSHion+Remote+Code+Execution+Vulnerability+in+OpenSSH/31046/
Overlooked Domain Name Resiliency Issues: Registrar Communications
Published: 2024-07-05
Last Updated: 2024-07-05 11:54:02 UTC
by Johannes Ullrich (Version: 1)
I often think the Internet would work better without DNS. People unable to remember an IP address would be unable to use it. But on the other hand, there is more to DNS than translating a human-readable hostname to a "machine-readable" IP address. DNS does allow us to use consistent labels even as the IP address changes.
Many critical resources are only referred to by hostname, not by IP address. This does include part of the DNS infrastructure itself. NS records point to hostnames, not IP addresses, and we use glue records (A records, actually) to resolve them. Organizations typically rely on multiple authoritative name servers that automatically replicate updates between them to provide resiliency for DNS. This process is typically quite reliable, and cloud providers offer additional services to ensure data availability. Anycast name servers can provide additional resilience to this setup.
However, there is a weak point in this setup: Registrars. Yesterday, Hurricane Electric, a significant internet transit provider, experienced this problem ...
As an internet transit provider, Hurricane Electric relies on BGP (Border Gateway Protocol) to route traffic to and from its customers. The associated routers are identified with hostnames like "ns1-ns5.he.net". However, yesterday the name resolution for he.net failed. It probably didn't help that this happened on a major holiday in the US.
The domain "he.net" is hosted with Network Solutions. Network Solutions is one of the "original" domain registrars but has been going through the usual acquisitions and mergers. They currently appear to be owned by Newfold, a company that happens to be located in Jacksonville, FL, where I happen to reside, too.
Yesterday, he.net stopped resolving. The technical issue was that the he.net domain was removed from the .net zone. Without any nameservers being returned by .net nameservers, clients could not resolve he.net names. The registrar is responsible for maintaining this information. Registrars are "special" because they have the contracts in place to update these top-level domains with whoever maintains them. Whois can be used to identify these relationships. For he.net, the whois record returned ...
Read the full entry:
https://isc.sans.edu/diary/Overlooked+Domain+Name+Resiliency+Issues+Registrar+Communications/31048/
Finding Honeypot Data Clusters Using DBSCAN: Part 1 (2024.07.10)
https://isc.sans.edu/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+1/31050/
Kunai: Keep an Eye on your Linux Hosts Activity (2024.07.08)
https://isc.sans.edu/diary/Kunai+Keep+an+Eye+on+your+Linux+Hosts+Activity/31054/
Support of SSL 2.0 on web servers in 2024 (2024.06.28)
https://isc.sans.edu/diary/Support+of+SSL+20+on+web+servers+in+2024/31044/
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary] (2024.06.26)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Microsoft Windows Hyper-V
CVSS Score: 7.8
** KEV since 2024-07-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38080
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080
Product: Microsoft Windows MSHTML Platform
CVSS Score: 7.5
** KEV since 2024-07-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38112
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112
Product: Microsoft Windows Remote Desktop
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38074
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38076
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38077
ISC Diary: https://isc.sans.edu/diary/31058
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38074
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38076
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077
CVE-2024-38089 - Microsoft Defender for IoT Elevation of Privilege Vulnerability
Product: Microsoft Defender for IoT
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38089
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38089
CVE-2024-6172 - The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to time-based SQL Injection in all versions up to 5.7.25, allowing unauthenticated attackers to extract sensitive information from the database.
Product: Icegram Email Subscribers & Newsletters
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6172
NVD References:
- https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/db/class-es-db-contacts.php#L834
- https://plugins.trac.wordpress.org/changeset/3107964/email-subscribers#file4
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3107964%40email-subscribers%2Ftrunk&old=3104864%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/email-subscribers/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/13629598-d45d-4ff5-aeb5-6ac881d25183?source=cve
CVE-2024-36243, CVE-2024-36260, CVE-2024-37030, CVE-2024-37077, & CVE-2024-37185 - OpenHarmony v4.0.0 and prior versions are vulnerable to remote attackers executing arbitrary code in pre-installed apps due to out-of-bounds read and write and use-after-free (CVE-2024-37030).
Product: OpenHarmony
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36243
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36260
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37030
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37077
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37185
NVD References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md
CVE-2024-6439 - SourceCodester Home Owners Collection Management System 1.0 is vulnerable to unrestricted file upload via manipulation of the argument img in the file /classes/Users.php?f=save, allowing for remote attackers to initiate an exploit.
Product: Home_Owners_Collection_Management_System_Project Home_Owners_Collection_Management_System 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6439
NVD References:
- https://github.com/GAO-UNO/cve/blob/main/upload.md
- https://vuldb.com/?ctiid.270167
- https://vuldb.com/?id.270167
- https://vuldb.com/?submit.366753
CVE-2024-6440 - SourceCodester Home Owners Collection Management System 1.0 is susceptible to a critical sql injection vulnerability in /classes/Master.php?f=delete_category, allowing for remote cyber attacks.
Product: Home_Owners_Collection_Management_System_Project Home_Owners_Collection_Management_System 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6440
NVD References:
- https://github.com/reverseD0G/cve/blob/main/sql.md
- https://vuldb.com/?ctiid.270168
- https://vuldb.com/?id.270168
- https://vuldb.com/?submit.366988
CVE-2024-32755 - Under certain circumstances the web interface will accept characters unrelated to the expected input.
Product: Netgear Nighthawk Routers
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32755
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04
- https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
CVE-2024-36404 - GeoTools is vulnerable to Remote Code Execution in versions prior to 31.2, 30.4, and 29.6 when evaluating XPath expressions from user input.
Product: GeoTools
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36404
NVD References:
- https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852
- https://github.com/geotools/geotools/commit/f0c9961dc4d40c5acfce2169fab92805738de5ea
- https://github.com/geotools/geotools/pull/4797
- https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w
- https://osgeo-org.atlassian.net/browse/GEOT-7587
- https://sourceforge.net/projects/geotools/files/GeoTools%2024%20Releases/24.0/geotools-24.0-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2025%20Releases/25.2/geotools-25.2-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2026%20Releases/26.4
- https://sourceforge.net/projects/geotools/files/GeoTools%2026%20Releases/26.7/geotools-26.7-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2027%20Releases/27.4/geotools-27.4-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2027%20Releases/27.5/geotools-27.5-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2028%20Releases/28.2/geotools-28.2-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2029%20Releases/29.2/geotools-29.2-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2030%20Releases/30.2/geotools-30.2-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2030%20Releases/30.3/geotools-30.3-patches.zip/download
- https://sourceforge.net/projects/geotools/files/GeoTools%2031%20Releases/31.1
CVE-2024-4708 - mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
Product: mySCADA myPRO
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4708
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02
- https://www.myscada.org/mypro/
CVE-2024-37082 - HAProxy release in Cloud Foundry prior to v40.17.0 has a security check loophole that could potentially allow bypass of mTLS authentication for applications.
Product: Cloud Foundry HAProxy
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37082
NVD References: https://www.cloudfoundry.org/blog/cve-2024-37082-mtls-bypass/
CVE-2024-39223 - gost v2.11.5 is vulnerable to an authentication bypass in the SSH service, allowing attackers to intercept communications by setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey.
Product: gost v2.11.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39223
NVD References:
- https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a
- https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229
- https://github.com/ginuerzh/gost/issues/1034
CVE-2024-39844 - In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Product: ZNC modtcl
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39844
NVD References:
- http://www.openwall.com/lists/oss-security/2024/07/03/9
- https://github.com/znc/znc/releases/tag/znc-1.9.1
- https://wiki.znc.in/Category:ChangeLog
- https://wiki.znc.in/ChangeLog/1.9.1
- https://www.openwall.com/lists/oss-security/2024/07/03/9
CVE-2024-39930, CVE-2024-39931, & CVE-2024-39932 - Gogs through 0.13.0 is vulnerable to argument injection in internal/ssh/ssh.go (CVE-2024-39930), deletion of internal files (CVE-2024-39931), and argument injection during the previewing of changes (CVE-2024-39932).
Product: Gogs
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39930
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39931
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39932
NVD References:
- https://github.com/gogs/gogs/releases
- https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/
CVE-2024-6298 - ABB ASPECT-Enterprise, ABB NEXUS Series, and ABB MATRIX Series on Linux are vulnerable to Remote Code Inclusion due to improper input validation, impacting versions through 3.08.01.
Product: ABB ASPECT-ENT-12
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6298
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964
CVE-2024-38346 - CloudStack cluster service vulnerability allows attackers to execute arbitrary code on targeted hypervisors and hosts, potentially compromising infrastructure confidentiality, integrity, and availability.
Product: Apache Cloudstack
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38346
NVD References:
- http://www.openwall.com/lists/oss-security/2024/07/05/1
- https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1
- https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1
- https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-…
Product: SeaCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39028
NVD References: https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md
Product: Apache Cloudstack
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39864
NVD References:
- http://www.openwall.com/lists/oss-security/2024/07/05/1
- https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1
- https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1
Product: Lukasbach Yana
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23997
NVD References: https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-23997
Product: Goanother Another Redis Desktop Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23998
NVD References: https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-23998
Product: Personal-Management-System Personal Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29319
NVD References: https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29319
Product: B1Ackc4T 14Finger
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37768
NVD References: https://github.com/b1ackc4t/14Finger/issues/12
Product: Eskooly Free Online School management Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27709
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27710
NVD References: https://blog.be-hacktive.com/eskooly-cve/cve-2024-27709-sql-injection-in-eskooly-web-product-v.3.0
CVE-2024-37260 - Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5.
Product: Themeruby Foxiz
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37260
NVD References: https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CVE-2024-40614 - EGroupware before 23.1.20240624 mishandles an ORDER BY clause.
Product: EGroupware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40614
NVD References:
- https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f
- https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624
- https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624
- https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438
CVE-2023-46685 - LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623 is vulnerable to arbitrary command execution via specially crafted network packets due to a hard-coded password in the telnetd functionality.
Product: LevelOne WBR-6013
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46685
NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1871
CVE-2024-1305 - Tap-windows6 driver version 9.26 and earlier allows for potential arbitrary code execution in kernel space due to improper data size checking in incoming write operations.
Product: OpenVPN tap-windows6 driver
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1305
NVD References:
- https://community.openvpn.net/openvpn/wiki/CVE-2024-1305
- https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html
CVE-2024-6365 - The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 2.0.1, allowing unauthenticated attackers to execute code on the server via the 'saveCustomTitle' function.
Product: WBW The Product Table by WBW plugin for WordPress
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6365
NVD References:
- https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php
- https://plugins.trac.wordpress.org/changeset/3113335/
-
CVE-2024-28747 - An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
Product: Weintek SmartSPS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28747
NVD References: https://cert.vde.com/en/advisories/VDE-2024-012
CVE-2024-28751 - A high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Product: Siemens Simatic HMI TP700.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28751
NVD References: https://cert.vde.com/en/advisories/VDE-2024-012
CVE-2024-37555 - ZealousWeb Generate PDF using Contact Form 7 allows unrestricted upload of files with dangerous types, posing a security risk from versions n/a through 4.0.6.
Product: ZealousWeb Generate PDF using Contact Form 7
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37555
CVE-2024-6313 - The Gutenberg Forms plugin for WordPress allows for arbitrary file uploads, potentially leading to remote code execution.
Product: WordPress Gutenberg Forms plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6313
NVD References:
- https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/Utils/Bucket.php#L19
- https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/triggers/email.php#L268
CVE-2024-6314 - The IQ Testimonials plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to insufficient file validation, in versions up to 2.2.7, only if the 'gd' PHP extension is not loaded.
Product: WordPress IQ Testimonials plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6314
NVD References:
CVE-2024-37112 - WishList Member X is vulnerable to SQL Injection before version 3.26.7, allowing attackers to manipulate database queries.
Product: WishList Member X Membership Software
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37112
CVE-2024-3604 - The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode.
Product: WordPress OSM OpenStreetMap plugin
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3604
NVD References:
- https://wordpress.org/plugins/osm/
CVE-2024-37418 - Andy Moyle Church Admin is vulnerable to uploading potentially harmful files, such as web shells, to a web server due to an unrestricted upload vulnerability.
Product: Andy Moyle Church Admin
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37418
NVD References: https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-37420 - Zita Elementor Site Library in WPZita allows uploading a web shell to a web server due to unrestricted upload of dangerous file types, affecting versions from n/a to 1.6.1.
Product: WPZita Elementor Site Library
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37420
CVE-2024-37424 - Newspack Blocks allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: Automattic Newspack Blocks
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37424
CVE-2024-39872 - SINEMA Remote Connect Server (All versions < V3.2 SP1) allows authenticated attackers with the 'Manage firmware updates' role to escalate privileges via improper assignment of rights to temporary files.
Product: Siemens SINEMA Remote Connect Server
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39872
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-381581.html
CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
Product: Microsoft .NET and Visual Studio
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35264
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264
CVE-2024-38060 - Windows Imaging Component Remote Code Execution Vulnerability
Product: Microsoft Windows Imaging Component
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38060
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060
CVE-2024-38517 & CVE-2024-39684 - Tencent RapidJSON privilege escalation vulnerabilities
Product: Tencent RapidJSON
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38517
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39684
ISC Diary: https://isc.sans.edu/diary/31058
NVD References:
- https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001
- https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39684
The following vulnerability needs a manual review:
CVE-2024-37985 - Systematic Identification and Characterization of Proprietary Prefetchers. This vulnerability only affects ARM systems. An attacker would be able to view privileged heap memory. An attacker must take additional actions before exploitation to successfully prepare the target environment to exploit the vulnerability.
CVSS 3.1: 5.9 / 5.2
ISC Diary: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+July+2024/31058/
References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37985
Product: Themeruby Foxiz
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37260
NVD References: https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Product: EGroupware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40614
NVD References:
- https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f
- https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624
- https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624
- https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438
Product: LevelOne WBR-6013
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46685
NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1871
Product: OpenVPN tap-windows6 driver
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1305
NVD References:
- https://community.openvpn.net/openvpn/wiki/CVE-2024-1305
- https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html
CVE-2024-6365 - The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 2.0.1, allowing unauthenticated attackers to execute code on the server via the 'saveCustomTitle' function.
Product: WBW The Product Table by WBW plugin for WordPress
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6365
NVD References:
- https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php
- https://plugins.trac.wordpress.org/changeset/3113335/
CVE-2024-28747 - An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
Product: Weintek SmartSPS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28747
NVD References: https://cert.vde.com/en/advisories/VDE-2024-012
CVE-2024-28751 - A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Product: Siemens Simatic HMI TP700
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28751
NVD References: https://cert.vde.com/en/advisories/VDE-2024-012
CVE-2024-37555 - ZealousWeb Generate PDF using Contact Form 7 allows unrestricted upload of files with dangerous types, posing a security risk from versions n/a through 4.0.6.
Product: ZealousWeb Generate PDF using Contact Form 7
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37555
CVE-2024-6313 - The Gutenberg Forms plugin for WordPress allows for arbitrary file uploads, potentially leading to remote code execution.
Product: WordPress Gutenberg Forms plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6313
NVD References:
- https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/Utils/Bucket.php#L19
- https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/triggers/email.php#L268
CVE-2024-6314 - The IQ Testimonials plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to insufficient file validation, in versions up to 2.2.7, only if the 'gd' PHP extension is not loaded.
Product: WordPress IQ Testimonials plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6314
CVE-2024-37112 - WishList Member X is vulnerable to SQL Injection before version 3.26.7, allowing attackers to manipulate database queries.
Product: WishList Member X Membership Software
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37112
CVE-2024-3604 - The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode.
Product: WordPress OSM OpenStreetMap plugin
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3604
NVD References:
- https://wordpress.org/plugins/osm/
CVE-2024-37418 - Andy Moyle Church Admin is vulnerable to uploading potentially harmful files, such as web shells, to a web server due to an unrestricted upload vulnerability.
Product: Andy Moyle Church Admin
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37418
NVD References: https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-37420 - Zita Elementor Site Library in WPZita allows uploading a web shell to a web server due to unrestricted upload of dangerous file types, affecting versions from n/a to 1.6.1.
Product: WPZita Elementor Site Library
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37420
CVE-2024-37424 - Newspack Blocks allows unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: Automattic Newspack Blocks
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37424
CVE-2024-39872 - SINEMA Remote Connect Server (All versions < V3.2 SP1) allows authenticated attackers with the 'Manage firmware updates' role to escalate privileges via improper assignment of rights to temporary files.
Product: Siemens SINEMA Remote Connect Server
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39872
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-381581.html
CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
Product: Microsoft .NET and Visual Studio
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35264
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264
CVE-2024-38060 - Windows Imaging Component Remote Code Execution Vulnerability
Product: Microsoft Windows Imaging Component
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38060
ISC Diary: https://isc.sans.edu/diary/31058
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060