SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 29
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
"Mouse Logger" Malicious Python Script
Published: 2024-07-24
Last Updated: 2024-07-24 06:45:59 UTC
by Xavier Mertens (Version: 1)
Keylogging is a pretty common feature of many malware families because recording the key pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. Back from SANSFIRE, I looked at my backlog of hunting results and found an interesting piece of Python malware. This one implements a keylogger and a screenshot grabber but also... a "mouse logger"! By mouse logger, I mean that it can collect activity generated by the user's mouse.
The attacker uses the classic Python module pyinput ...
Read the full entry:
https://isc.sans.edu/diary/Mouse+Logger+Malicious+Python+Script/31106/
Widespread Windows Crashes Due to CrowdStrike Updates
Published: 2024-07-19
Last Updated: 2024-07-19 16:59:59 UTC
by Johannes Ullrich (Version: 1)
Last night, endpoint security company CrowdStrike released an update that is causing widespread "blue screens of death" (BSOD) on Windows systems. CrowdStrike released an advisory, which is only available after logging into the CrowdStrike support platform. A brief public statement can be found here.
CrowdStrike now also published a detailed public document with tips to recover:
https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
---
Update: Some reports we have seen indicate that there may be phishing emails circulating claiming to come from "CrowdStrike Support" or "CrowdStrike Security". I do not have any samples at this point, but attackers are likely leveraging the heavy media attention. Please be careful with any "patches" that may be delivered this way.
One domain possibly associated with these phishing attacks is ...
---
Linux and MacOS systems are not affected by this issue.
The quickest fix appears to boot the system into "Windows Safemode with Network". This way, Crowdstrike will not start, but the current version may be downloaded and applied, which will fix the issue. This "quick version" of the fix is not part of CrowdStrike's recommendations but may be worth a try if you have many systems to apply the fix to or if you need to talk a non-computer-savvy person through the procedure. Some users have reported that this will succeed.
Casimir Pulaski (@cybermactex) mentioned on X that a simple reboot sometimes works if the latest update was downloaded before the system crashed.
The support portal statement offers the following steps to get affected systems back into business ...
Read the full entry:
https://isc.sans.edu/diary/Widespread+Windows+Crashes+Due+to+Crowdstrike+Updates/31094/
CrowdStrike: The Monday After
Published: 2024-07-22
Last Updated: 2024-07-22 17:06:26 UTC
by Johannes Ullrich (Version: 1)
Last Friday, after CrowdStrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had to spend the weekend remediating the issue.
It is still early regarding the incident response part, but I would like to summarize some of the important facts we know and some lessons learned.
You are likely affected if the CrowdStrike sensor system retrieved updates between 0409 and 0527 UTC on Friday, July 19th. CrowdStrike allows users to configure a sensor update policy, which will delay the update of the sensor software. But the corrupt file was a configuration ("signature") update, not an update of the sensor itself. Configuration updates are always applied as soon as they are released. Customers do not have an option to delay these updates. Systems crashed because a kernel driver provided by CrowdStrike crashed as it read the malformed configuration file.
Since news of the incident broke, CrowdStrike has been updating and expanding its guidance. Your first stop should be CrowdStrike's "Remediation and Guidance Hub". It will link to all the resources CrowdStrike has to offer. Yesterday, CrowdStrike announced that they will soon offer a new, accelerated technique for recovery. As I write this, the new technique has not been published. CrowdStrike did provide a new dashboard to affected users to track systems affected by the update.
Microsoft developed a USB solution to simplify the process. To apply the update, systems must be booted from the USB key. However, Bitlocker-encrypted hosts may require a recovery key.
Bitlocker is the major hurdle to a speedy recovery for many affected organizations. Ben Watsons posted on LinkedIn that his organization came up with a way to use a barcode scanner to simplify entering the recovery keys. I do not believe that the related code to create the barcodes is public.
Read the full entry:
https://isc.sans.edu/diary/CrowdStrike+The+Monday+After/31098/
Internet Storm Center Entries
New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) (2024.07.23)
https://isc.sans.edu/diary/New+Exploit+Variation+Against+DLink+NAS+Devices+CVE20243273/31102/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-3273 - D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L are vulnerable to a critical command injection flaw in the /cgi-bin/nas_sharing.cgi file via an unsupported HTTP GET Request Handler function, allowing remote attackers to exploit it even though the products are no longer supported by the vendor.
Product: D-Link DNS-320L
CVSS Score: 0
** KEV since 2024-04-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3273
ISC Diary: https://isc.sans.edu/diary/31102
ISC Podcast: https://isc.sans.edu/podcastdetail/9066
CVE-2024-20401 - Cisco Secure Email Gateway is vulnerable to remote attackers overwriting arbitrary files on the underlying operating system due to improper handling of email attachments, potentially leading to unauthorized access, configuration modification, code execution, or a denial of service situation requiring manual recovery.
Product: Cisco Secure Email Gateway
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20401
ISC Podcast: https://isc.sans.edu/podcastdetail/9058
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
CVE-2024-20419 - Cisco Smart Software Manager On-Prem (SSM On-Prem) has a vulnerability that allows unauthenticated attackers to change any user's password, including administrative users, due to improper implementation of the password-change process.
Product: Cisco Smart Software Manager On-Prem (SSM On-Prem)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20419
ISC Podcast: https://isc.sans.edu/podcastdetail/9058
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
CVE-2024-22442 - The vulnerability in HPE 3PAR Service Processor Software could be remotely exploited to bypass authentication.
Product: HPE 3PAR Service Processor Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22442
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us&docLocale=en_US
CVE-2024-33180 - Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
Product: Tenda AC18
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33180
NVD References: https://palm-vertebra-fe9.notion.site/saveParentControlInfo_1-7c9695d0251945ae8006db705b9b80ac
CVE-2024-33182 - Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
Product: Tenda AC18
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33182
NVD References: https://palm-vertebra-fe9.notion.site/addWifiMacFilter_1-067fa6984f0d4933b88c63efd7486479
CVE-2024-35338 - Tenda i29 v1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
Product: Tenda i29
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35338
NVD References: https://palm-vertebra-fe9.notion.site/hardcode_i29-e1ed38dde00145d9a6be1ad2b4581259
CVE-2024-39700 - JupyterLab extension template with `copier` test option has an RCE vulnerability in `update-integration-tests.yml` workflow, urging GitHub-hosted extension authors to upgrade to the latest version.
Product: JupyterLab copier
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39700
NVD References:
- https://github.com/jupyterlab/extension-template/commit/035e78c1c65bcedee97c95bb683abe59c96bc4e6
- https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg
CVE-2024-21181 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take over.
Product: Oracle Weblogic Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21181
NVD References: https://www.oracle.com/security-alerts/cpujul2024.html
CVE-2024-6801 - SourceCodester Online Student Management System 1.0 is vulnerable to an unrestricted file upload issue in /add-students.php due to manipulation of the argument image, allowing for remote attacks with a critical impact (VDB-271703).
Product: Online Student Management System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6801
NVD References:
- https://github.com/aaajuna/demo/issues/1
- https://vuldb.com/?ctiid.271703
CVE-2024-6802 - SourceCodester Computer Laboratory Management System 1.0 is susceptible to a critical SQL injection vulnerability in the save_record function of Master.php, allowing for remote attacks.
Product: Computer Laboratory Management System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6802NVD References: - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6802- https://vuldb.com/?ctiid.271704- https://vuldb.com/?id.271704- https://vuldb.com/?submit.374797CVE-2024-6803 - itsourcecode Document Management System 1.0 is susceptible to a critical SQL injection vulnerability in the file insert.php, allowing for remote attacks.Product: itsourcecode Document Management System 1.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6803NVD References: - https://github.com/hzy11111111/cve/issues/3- https://vuldb.com/?ctiid.271705- https://vuldb.com/?id.271705- https://vuldb.com/?submit.374809CVE-2024-6808 - itsourcecode Simple Task List 1.0 is vulnerable to a critical SQL injection in the insertUserRecord function of signUp.php, allowing remote attackers to exploit the argument username.Product: itsourcecode Simple Task List 1.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6808NVD References: - https://github.com/qianqiusujiu/cve/issues/1- https://vuldb.com/?ctiid.271707- https://vuldb.com/?id.271707- https://vuldb.com/?submit.375154CVE-2024-6220 - The Keydatas plugin for WordPress allows arbitrary file uploads, putting servers at risk of remote code execution.Product: Keydatas CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6220NVD References: - https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php- https://www.wordfence.com/threat-intel/vulnerabilities/id/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cveCVE-2024-5471 - Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.Product: Zohocorp Manageengine DDI CentralCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5471NVD References: https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-5471.htmlCVE-2024-23466 - SolarWinds Access Rights Manager (ARM) is vulnerable to Directory Traversal Remote Code Execution, enabling unauthorized users to execute commands with SYSTEM privileges.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23466NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-23467 - SolarWinds Access Rights Manager allows unauthenticated users to remotely execute code due to a Directory Traversal and Information Disclosure Vulnerability.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23467NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-23469 - SolarWinds Access Rights Manager (ARM) is vulnerable to remote code execution, enabling unauthorized users to gain SYSTEM privileges.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23469NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-23470 - SolarWinds Access Rights Manager is vulnerable to a pre-authentication remote code execution flaw allowing unauthorized users to run commands and executables.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23470NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-23471 - SolarWinds Access Rights Manager is vulnerable to remote code execution by an authenticated user.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23471NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-23472 - SolarWinds Access Rights Manager (ARM) is vulnerable to a Directory Traversal flaw that enables authenticated users to read and delete files at will.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23472NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-23475 - SolarWinds Access Rights Manager is vulnerable to file deletion and information leakage by unauthenticated users.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23475NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htmCVE-2024-28074 - SolarWinds Access Rights Manager still vulnerable as researcher bypasses implemented controls to exploit vulnerability using alternative method.Product: SolarWinds Access Rights ManagerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE…
CVE-2024-6808 - itsourcecode Simple Task List 1.0 is vulnerable to a critical SQL injection in the insertUserRecord function of signUp.php, allowing remote attackers to exploit the argument username.
Product: itsourcecode Simple Task List 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6808
NVD References:
- https://github.com/qianqiusujiu/cve/issues/1
- https://vuldb.com/?ctiid.271707
CVE-2024-6220 - The Keydatas plugin for WordPress allows arbitrary file uploads, putting servers at risk of remote code execution.
Product: Keydatas
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6220
NVD References:
- https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php
CVE-2024-5471 - Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
Product: Zohocorp Manageengine DDI Central
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5471
NVD References: https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-5471.html
CVE-2024-23466 - SolarWinds Access Rights Manager (ARM) is vulnerable to Directory Traversal Remote Code Execution, enabling unauthorized users to execute commands with SYSTEM privileges.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23466
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-23467 - SolarWinds Access Rights Manager allows unauthenticated users to remotely execute code due to a Directory Traversal and Information Disclosure Vulnerability.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23467
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-23469 - SolarWinds Access Rights Manager (ARM) is vulnerable to remote code execution, enabling unauthorized users to gain SYSTEM privileges.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23469
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-23470 - SolarWinds Access Rights Manager is vulnerable to a pre-authentication remote code execution flaw allowing unauthorized users to run commands and executables.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23470
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-23471 - SolarWinds Access Rights Manager is vulnerable to remote code execution by an authenticated user.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23471
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-23472 - SolarWinds Access Rights Manager (ARM) is vulnerable to a Directory Traversal flaw that enables authenticated users to read and delete files at will.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23472
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-23475 - SolarWinds Access Rights Manager is vulnerable to file deletion and information leakage by unauthenticated users.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23475
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-28074 - SolarWinds Access Rights Manager still vulnerable as researcher bypasses implemented controls to exploit vulnerability using alternative method.
Product: SolarWinds Access Rights Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28074
NVD References: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm
CVE-2024-6834 - APIML Spring Cloud Gateway vulnerability allows users to bypass authentication and access internal endpoints using Zowe client certificates.
Product: APIML Spring Cloud Gateway
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6834
NVD References: https://github.com/zowe/api-layer
CVE-2024-39907 & CVE-2024-39911 - 1Panel is vulnerable to sql injections
Product: 1Panel web-based linux server management control panel
CVSS Score: 9.8 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39907
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39911
NVD References:
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5
CVE-2024-40628 - JumpServer allows an attacker to exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure.
Product: JumpServer
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40628
NVD References: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9
CVE-2024-40629 - JumpServer allows attackers to gain remote code execution by exploiting an Ansible playbook vulnerability in the Celery container, potentially leading to unauthorized access and data theft.
Product: JumpServer
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40629
NVD References: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v
CVE-2024-5618 - PruvaSoft Informatics Apinizer Management Console before 2024.05.1 allows unauthorized access to critical resources due to incorrect permission assignments.
Product: PruvaSoft Informatics Apinizer Management Console
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5618
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1010
CVE-2024-5619 - PruvaSoft Informatics Apinizer Management Console before 2024.05.1 is vulnerable to an Authorization Bypass vulnerability due to user-controlled key manipulation and incorrectly configured access control security levels.
Product: PruvaSoft Informatics Apinizer Management Console
CVSS Score: 9.6 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5619
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1010
CVE-2024-0857 - FlexWater Corporate Water Management by Universal Software Inc. is vulnerable to SQL Injection through 18072024, with the vendor failing to respond to disclosure attempts.
Product: Universal Software Inc. FlexWater Corporate Water Management
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0857
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1011
CVE-2024-6205 - The PayPlus Payment Gateway WordPress plugin is vulnerable to SQL injection via a WooCommerce API route accessible to unauthenticated users.
Product: PayPlus Payment Gateway WordPress plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6205
NVD References: https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/
CVE-2024-6636 - The WooCommerce - Social Login plugin for WordPress allows unauthenticated attackers to change the default role to Administrator by exploiting a missing capability check on the 'woo_slg_login_email' function in versions up to 2.7.3.
Product: WooCommerce Social Login plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6636
NVD References:
- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
CVE-2024-38437 & CVE-2024-38438 - D-Link Authentication Bypass vulnerabilities
Product: D-Link
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38437
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38438
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories
CVE-2024-38773 - Adrian Tobey FormLift for Infusionsoft Web Forms is vulnerable to Blind SQL Injection from versions n/a through 7.5.17.
CVE-2024-37998 - CPCI85 Central Processing/Communication (All versions < V5.40) and SICORE Base system (All versions < V1.4.0) are vulnerable to unauthorized password resets, allowing attackers to gain administrative access.
Product: CPC iFIX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37998
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-071402.html
CVE-2024-21552 - SuperAGI is vulnerable to Arbitrary Code Execution through unsafe use of the `eval` function, allowing an attacker to gain arbitrary code execution on the application server.
CVE-2024-26020 - Anki 24.04 is vulnerable to arbitrary script execution through specially crafted flashcards, allowing attackers to trigger arbitrary code execution.
Product: Ankitects Anki
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26020
NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1993
CVE-2024-39685 & CVE-2024-39686 - Bert-VITS2 arbitrary command execution vulnerabilities
Product: fishaudio Bert-VITS2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39685
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39686
NVD References:
- https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/
CVE-2024-6793 - NI VeriStand DataLogging Server is vulnerable to remote code execution due to a deserialization of untrusted data issue, requiring an attacker to send a specially crafted message to exploit the vulnerability.
Product: National Instruments NI VeriStand
CVSS Score: 9.8
CVE-2024-6794 - NI VeriStand Waveform Streaming Server is susceptible to a deserialization vulnerability, allowing remote code execution through specially crafted messages in versions up to 2024 Q2.
Product: National Instruments NI VeriStand
CVSS Score: 9.8
CVE-2024-6806 - NI VeriStand Gateway is susceptible to unauthorized actors accessing Project resources, potentially leading to remote code execution in versions up to 2024 Q2.
CVE-2024-38164 - GroupMe is vulnerable to an improper access control issue that enables unauthenticated attackers to elevate privileges by tricking users into clicking on a malicious link.
Product: GroupMe
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38164
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/
Sponsors
SANS
Virtual Event: SANS 2024 Top Attacks and Threats Report, July 31, 10:30 am ET | Join Lee Crognale as she takes a deeper dive into emerging threats and looks at numerous other noteworthy attacker trends. She will provide mitigation strategies and actionable advice on the critical skills, processes, and controls needed to protect enterprises from these advanced attacks.
Xona Systems
Webcast: A zero-trust user access model can expedite compliance with new looming NERC CIP regulations | Tuesday, July 30, 1:00 pm ET | This presentation will explore challenges and elements for key NERC CIP-003-9 requirements, and an example of successful implementation. Xona will equip asset owners with the knowledge and tools to efficiently transition to a compliant and secure infrastructure and meet NERC CIP-003-9.
Carahsoft
Webcast: 2024 Government Security Forum | July 25, 10:00 AM ET | Join our webcast for an in-depth discussion featuring strategies on Zero Trust implementation strategies, hardening SLED environments, navigating supply chain security, CMMC compliance, and harnessing AI for advanced threat detection.
SANS
Virtual Event: SANS 2024 Top Attacks and Threats Report, July 31, 10:30 am ET | Join Lee Crognale as she takes a deeper dive into emerging threats and looks at numerous other noteworthy attacker trends. She will provide mitigation strategies and actionable advice on the critical skills, processes, and controls needed to protect enterprises from these advanced attacks.