A Survey of Scans for GeoServer Vulnerabilities
Published: 2024-08-06.
Last Updated: 2024-08-06 14:20:15 UTC
by Johannes Ullrich (Version: 1)
A little bit over a year ago, I wrote about scans for GeoServer. GeoServer is a platform to process geographic data. It makes it easy to share geospatial data in various common standard formats. Recently, new vulnerabilities were discovered in GeoServer, prompting me to look again at what our honeypots pick up.
Let's first look at the "big picture": How many scans did we see? The total number of requests for URLs starting with "/geoserver" was 211,143 since the beginning of the year ...
Interest in GeoServer started in 2023. It ceased after August but then came back early this year. After the latest SQL exploit was discovered (July 5th), scans for GeoServer surged.
When I wrote about the GeoServer scans last year, a reader noted that Shadowserver had just started scanning for GeoServer. Indeed, most of the time, all GeoServer scans on particular days can be attributed to researchers. In addition to Shadowserver, Internet Census (associated with BitSight) is scanning for GeoServer instances. Personally, I think this is a good thing. Shadowserver will notify ISPs who host insecure instances, and they will find them before the bad guys do.
Read the full entry:
https://isc.sans.edu/diary/A+Survey+of+Scans+for+GeoServer+Vulnerabilities/31148/
OOXML Spreadsheets Protected By Verifier Hashes
Published: 2024-08-03.
Last Updated: 2024-08-04 07:23:41 UTC
by Didier Stevens (Version: 1)
When I wrote about the internal file format of protected spreadsheets, I mentioned a simple 16-bit hash for .xls files in diary entry "16-bit Hash Collisions in .xls Spreadsheets" and a complex hash based on SHA256 for .xlsx files in diary entry "Protected OOXML Spreadsheets".
But what happens if you open a protected spreadsheet in OLE format (.xls) and save it in OOXML format (.xlsx)?
In that exceptional case, the XML protection elements in the OOXML file will store the 16-bit hash taken from the OLE file ...
Read the full entry:
https://isc.sans.edu/diary/OOXML+Spreadsheets+Protected+By+Verifier+Hashes/31072/
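As an added example (not code from the diary or from any spreadsheet tool), the block below computes the documented legacy .xls 16-bit sheet-protection verifier and classifies the `sheetProtection` element of a worksheet part as either that legacy verifier or the salted, iterated hash form. The worksheet XML strings are constructed samples; the attribute names are the standard OOXML ones.

```python
"""Legacy Excel 16-bit verifier and an OOXML sheetProtection checker.

The hash is the documented legacy .xls sheet-protection algorithm: XOR
each character, from last to first, into a 15-bit rotating accumulator,
then XOR in the password length and the constant 0xCE4B. Only single-byte
(ASCII) passwords are assumed here.
"""
import xml.etree.ElementTree as ET

SML_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"


def legacy_xls_hash(password: str) -> int:
    """Return the 16-bit verifier Excel stores for a legacy .xls sheet password."""
    h = 0
    for ch in reversed(password):
        h ^= ord(ch)
        h = ((h << 1) & 0x7FFF) | ((h >> 14) & 0x01)  # 15-bit rotate left
    h ^= len(password)
    h ^= 0xCE4B
    return h & 0xFFFF


def classify_sheet_protection(sheet_xml: str) -> dict:
    """Report which kind of verifier a worksheet's sheetProtection element carries."""
    root = ET.fromstring(sheet_xml)
    prot = root.find(f"{{{SML_NS}}}sheetProtection")
    if prot is None:
        return {"protected": False, "verifier": None, "weak": False}
    if "password" in prot.attrib:
        # Legacy 16-bit verifier carried over from the OLE file: only 65,536
        # possible values, so many different passwords collide with it.
        return {"protected": True, "verifier": "legacy-16bit",
                "value": int(prot.attrib["password"], 16), "weak": True}
    if "hashValue" in prot.attrib:
        return {"protected": True,
                "verifier": prot.attrib.get("algorithmName", "unknown"),
                "spin_count": int(prot.attrib.get("spinCount", "0")), "weak": False}
    # Protection switched on without any password at all.
    return {"protected": True, "verifier": "none", "weak": True}


# Constructed sample worksheet parts (not taken from any real file).
LEGACY_SHEET = (
    f'<worksheet xmlns="{SML_NS}"><sheetData/>'
    '<sheetProtection password="FEF1" sheet="1" objects="1" scenarios="1"/></worksheet>'
)
MODERN_SHEET = (
    f'<worksheet xmlns="{SML_NS}"><sheetData/>'
    '<sheetProtection algorithmName="SHA-512" hashValue="c29tZWhhc2g=" '
    'saltValue="c2FsdA==" spinCount="100000" sheet="1"/></worksheet>'
)
UNPROTECTED_SHEET = f'<worksheet xmlns="{SML_NS}"><sheetData/></worksheet>'

if __name__ == "__main__":
    print(hex(legacy_xls_hash("abcdefghij")))  # documented reference value 0xfef1
    for name, xml in [("legacy", LEGACY_SHEET), ("modern", MODERN_SHEET)]:
        print(name, classify_sheet_protection(xml))
```

Unzipping an .xlsx and running `classify_sheet_protection` over each `xl/worksheets/sheetN.xml` part shows which sheets still carry the weak converted verifier.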
Even Linux users should take a look at this Microsoft KB article.
Published: 2024-08-02.
Last Updated: 2024-08-02 20:07:36 UTC
by Johannes Ullrich (Version: 1)
Secure boot has been a standard feature since at least Windows 8. As the name implies, the feature protects the boot process. The integrity of the boot process is ensured by digitally signing any software ("firmware") used during the boot process. As with any digital signature, this process requires the use of certificates to verify the validity of the signatures.
One issue with Secure Boot has been that not all boot loaders are necessarily properly signed, even if they are not malicious. In particular, open-source operating systems like Linux initially had problems with Secure Boot support. However, this has mostly been mitigated, with major distributions like Ubuntu and Red Hat (among others) supporting Secure Boot.
However, as always when certificates are involved, there is the possibility of certificates expiring. Microsoft currently relies on certificates known as "Windows Production CA 2011". There are two of them and, as the name implies, they were first used around 2011. Windows 8 was released in 2012. Let's look at one of the two certificates ...
Read the full entry:
https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140/
Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] (2024.08.07)
Script obfuscation using multiple instances of the same function (2024.08.05)
https://isc.sans.edu/diary/Script+obfuscation+using+multiple+instances+of+the+same+function/31144/
Tracking Proxy Scans with IPv4.Games (2024.08.01)
https://isc.sans.edu/diary/Tracking+Proxy+Scans+with+IPv4Games/31136/
Increased Activity Against Apache OFBiz CVE-2024-32113 (2024.07.31)
https://isc.sans.edu/diary/Increased+Activity+Against+Apache+OFBiz+CVE202432113/31132/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Open Geospatial Consortium GeoServer
CVSS Score: 0
** KEV since 2024-07-15 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36401
ISC Diary: https://isc.sans.edu/diary/31148
Product: VMware ESXi
CVSS Score: 0
** KEV since 2024-07-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37085
ISC Podcast: https://isc.sans.edu/podcastdetail/9076
Product: WordPress User Profile Builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6366
NVD References: https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/
Product: Admidio Application
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37906
NVD References:
- https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248
- https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3
Product: Admidio Application
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38529
NVD References:
- https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c
- https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm
Product: Italtel i-MCS NFV
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28805
NVD References: https://www.gruppotim.it/it/footer/red-team.html
Product: Lost and Found Information System 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37858
NVD References:
Product: Apple Safari
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40782
NVD References:
- https://support.apple.com/en-us/HT214116
- https://support.apple.com/en-us/HT214117
- https://support.apple.com/en-us/HT214119
- https://support.apple.com/en-us/HT214121
- https://support.apple.com/en-us/HT214122
Product: WpStickyBar WordPress plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5765
NVD References: https://wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/
Product: CodeZero Loan Management WordPress plugin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5975
NVD References: https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/
Product: Apache SeaTunnel
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48396
NVD References:
- http://www.openwall.com/lists/oss-security/2024/07/30/1
- https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw
Product: SiberianCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41702
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories
Product: Studio 42 elFinder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38909
NVD References:
Product: Allpro form-manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36572
NVD References:
- https://gist.github.com/mestrtee/1771ab4fba733ca898b6e2463dc6ed19
Product: lukebond json-override
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38984
NVD References: https://gist.github.com/mestrtee/97a9a7d73fc8b38fcf01322239dd5fb1
Product: Lodash 75lb deep-merge
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38986
NVD References: https://gist.github.com/mestrtee/b20c3aee8bea16e1863933778da6e4cb
Product: chase-moskal snapstate
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39010
NVD References: https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262
Product: chargeover redoc
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39011
NVD References: https://gist.github.com/mestrtee/693ef1c8b0a5ff1ae19f253381711f3e
Product: D-Link DIR-820LW
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41610
NVD References:
- https://github.com/Nop3z/CVE/blob/main/dlink/dir-820/Dlink-820LW-hardcoded-vulnerability.md
Product: D-Link DIR-860L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41611
NVD References:
- https://github.com/Nop3z/CVE/blob/main/dlink/dir-820/Dlink-860L-hardcoded-vulnerability.md
Product: alykoshin mini-deep-assign
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38983
NVD References: https://gist.github.com/mestrtee/f82d0c3a8fe3a125f06425caef5d22ed
Product: WordPress software (vendor: WordPress)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6695
NVD References: https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/
Product: XWiki XWiki Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37901
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b
- https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e
- https://github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4
- https://github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5
Product: XWiki Platform
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41947
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f
- https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x
Product: OpenBMC slpd-lite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41660
NVD References: https://github.com/openbmc/slpd-lite/security/advisories/GHSA-wmgv-jffg-v3xr
Product: Microsoft Dynamics 365
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38182
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38182
Product: TOTOLINK CP450
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7332
NVD References:
- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md
- https://vuldb.com/?ctiid.273255
Product: Elektra
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41961
NVD References:
- https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d
- https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02
- https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q
Product: Backup and Staging by WP Time Capsule
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38770
CVE-2024-39619 - ListingPro is vulnerable to an improper limitation of a pathname, allowing PHP Local File Inclusion attacks in versions up to and including 2.9.3.
Product: CridioStudio ListingPro
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39619
CVE-2024-41259 - Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.
Product: Gravatar Navidrome
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41259
NVD References: https://gist.github.com/nyxfqq/d192af10b53a363e2d9e430068333e04
CVE-2024-7314 - Anji-plus AJ-Report is vulnerable to authentication bypass, allowing remote attackers to execute arbitrary Java code by appending ";swagger-ui" to HTTP requests.
Product: anji-plus AJ-Report
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7314
NVD References:
- https://gitee.com/anji-plus/report/pulls/166/files
- https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077
- https://github.com/yuebusao/AJ-REPORT-EXPLOIT
- https://vulncheck.com/advisories/aj-report-swagger
- https://xz.aliyun.com/t/14460
CVE-2024-38882 - Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 are vulnerable to remote command line execution through SQL Injection.
Product: Horizon Business Services Inc. Caterease
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38882
NVD References:
- https://vuldb.com/?id.273366
CVE-2024-38883 - Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and potentially later versions are vulnerable to a Drop Encryption Level attack, allowing remote attackers to exploit a less secure algorithm during negotiation.
Product: Horizon Business Services Inc. Caterease
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38883
NVD References:
- https://vuldb.com/?id.273367
CVE-2024-42348 - FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer, fixed in versions 1.5.10.41.3 and 1.6.0-beta.1395.
Product: FOG Project FOG Server
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42348
NVD References: https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw
CVE-2024-7257 - YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code on the affected site's server.
Product: YayThemes WooCommerce Extra Product Options
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7257
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/753a4f7a-7bd4-43a4-b8fb-9e982239ba0e?source=cve
CVE-2024-6915 - JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, and 7.55.18 are vulnerable to Improper Input Validation, posing a risk of cache poisoning.
Product: JFrog Artifactory
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6915
NVD References: https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
CVE-2024-6782 - Improper access control in Calibre 6.9.0 through 7.14.0 allows unauthenticated attackers to achieve remote code execution.
Product: Calibre
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6782
NVD References:
- https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9
- https://starlabs.sg/advisories/24/24-6782/
CVE-2024-32113 - Apache OFBiz is vulnerable to an improper limitation of a pathname, allowing unauthorized access to restricted directories before version 18.12.13.
Product: Apache OFBiz
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32113
ISC Podcast: https://isc.sans.edu/podcastdetail/9078
CVE-2024-22064 - The ZTE ZXUN-ePDG product is vulnerable to information leakage due to its use of non-unique cryptographic keys during secure connections with mobile devices.
Product: ZTE ZXUN-ePDG
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22064
ISC Podcast: https://isc.sans.edu/podcastdetail/9076
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today:
Webcast: A zero-trust user access model can expedite compliance with new looming NERC CIP regulations | Tuesday, July 30, 1:00 pm ET | This presentation will explore challenges and elements for key NERC CIP-003-9 requirements, and an example of successful implementation. Xona will equip asset owners with the knowledge and tools to efficiently transition to a compliant and secure infrastructure and meet NERC CIP-003-9.