@RISK

@RISK: The Consensus Security Vulnerability Alert

August 15, 2024  |  Vol. 24, Num. 32

Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft August 2024 Patch Tuesday

Published: 2024-08-13. Last Updated: 2024-08-13 20:14:47 UTC

by Renato Marinho (Version: 1)

This month we got patches for 92 vulnerabilities. Of these, 9 are critical, and 9 are zero-days (3 previously disclosed, and 6 are already being exploited).

The CVEs CVE-2024-38189, CVE-2024-38178, CVE-2024-38193, CVE-2024-38106, CVE-2024-38213, and CVE-2024-38107 are related to the already exploited vulnerabilities and the CVEs CVE-2024-38202, CVE-2024-21302, and CVE-2024-38200 are related to previously disclosed ones.

Amongst exploited vulnerabilities, the highest CVSS (CVSS 8.8) is related to the Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189) rated as Important. According to the advisory, Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution.

Amongst critical vulnerabilities, one of the two 9.8 CVSS this month is associated to the Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2024-38140). According to the exploit, this vulnerability is exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user.

The other CVSS 9.8 is associated with the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063). Systems are not affected if IPv6 is disabled on the target machine. The advisory says that an unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.

Read the full entry:

https://isc.sans.edu/diary/Microsoft+August+2024+Patch+Tuesday/31164/

Multiple Malware Dropped Through MSI Package

Published: 2024-08-14. Last Updated: 2024-08-14 08:15:29 UTC

by Xavier Mertens (Version: 1)

One of my hunting rules hit on potentially malicious PowerShell code. The file was an MSI package (not an MSIX, these are well-known to execute malicious scripts). This file was a good old OLE package ...

The file (SHA256: 69cad2bf6d63dfc93b632cfd91b5182f14b5140da22f9a0ce82c8b459ad76c38) has a low score on VT (1/32). I tried to install the package in my sandbox but it failed with an error message “This package can only be run from a bootstrapper”. After Googling more info, I found this:

If you get this error while attempting to uninstall or update a package with an EXE file, it may be because you're using a multilingual package with a display language selection dialog (for multi-language packages) in the Languages Tab. This is a known issue that occurs when your different language installations have different Product Codes.

It could be related to the language used ...

Read the full entry:

https://isc.sans.edu/diary/Multiple+Malware+Dropped+Through+MSI+Package/31168/

Internet Storm Center Entries


Video: Same Origin, CORS, DNS Rebinding and Localhost (2024.08.12)

https://isc.sans.edu/diary/Video+Same+Origin+CORS+DNS+Rebinding+and+Localhost/31158/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-38189 - Microsoft Project Remote Code Execution Vulnerability

Product: Microsoft Project

CVSS Score: 8.8

** KEV since 2024-08-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38189

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189

CVE-2024-38106 - Windows Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows Kernel

CVSS Score: 7.0

** KEV since 2024-08-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38106

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106

CVE-2024-38107 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Product: Microsoft Windows Power Dependency Coordinator

CVSS Score: 7.8

** KEV since 2024-08-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38107

ISC Diary:https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107

CVE-2024-38178 - Scripting Engine Memory Corruption Vulnerability

Product: Microsoft Scripting Engine

CVSS Score: 7.5

** KEV since 2024-08-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38178

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178

CVE-2024-38193 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Product: Microsoft Windows Ancillary Function Driver for WinSock

CVSS Score: 7.8

** KEV since 2024-08-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38193

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193

CVE-2024-38213 - Windows Mark of the Web Security Feature Bypass Vulnerability

Product: Microsoft Windows Mark of the Web

CVSS Score: 6.5

** KEV since 2024-08-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38213

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213

CVE-2024-38063 - Windows TCP/IP Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38063

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063

CVE-2024-38140 - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Product: Windows Reliable Multicast Transport Driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38140

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38140

CVE-2024-38200 - Microsoft Office Spoofing Vulnerability

Product: Microsoft 365 Apps

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38200

ISC Diary: https://isc.sans.edu/diary/31164

ISC Podcast: https://isc.sans.edu/podcastdetail/9092

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200

CVE-2024-38202 - Windows Backup in Microsoft is vulnerable to an elevation of privilege attack, requiring additional user interaction for successful exploitation.

Product: Microsoft Windows Backup

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38202

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202

CVE-2024-38108 - Azure Stack Hub Spoofing Vulnerability

Product: Microsoft Azure Stack Hub

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38108

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38108

CVE-2024-38109 - Microsoft Azure Health Bot is vulnerable to SSRF, allowing an authenticated attacker to gain network privileges.

Product: Microsoft Azure Health Bot

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38109

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38109

CVE-2024-38159 & CVE-2024-38160 - Windows Network Virtualization Remote Code Execution Vulnerabilities

Product: Microsoft Windows Network Virtualization

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38159

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38160

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38159

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38160

CVE-2024-38199 - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Product: Windows Line Printer Daemon (LPD) Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38199

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199

CVE-2024-21302 - Windows systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS are vulnerable to an elevation of privilege allowing attackers with administrator privileges to replace current Windows system files with older versions, potentially reintroducing previously mitigated vulnerabilities and exfiltrating protected data.

Product: Microsoft Windows

CVSS Score: 6.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21302

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302

CVE-2024-6782 - Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

Product: Calibre

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6782

NVD References:

- https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9

- https://starlabs.sg/advisories/24/24-6782/

CVE-2024-6202 - HaloITSM is vulnerable to SAML XML Signature Wrapping (XSW) attacks in versions up to 2.146.1, allowing anonymous actors to impersonate users by email address.

Product: HaloITSM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6202

NVD References: https://haloitsm.com/guides/article/?kbid=2154

CVE-2024-33957 - E-Negosyo System version 1.0 SQL injection vulnerabilities

Product: E-Negosyo System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33957

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33958

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products

CVE-2024-33960 & CVE-2024-33974 - PayPal, Credit Card and Debit Card Payment version 1.0 is vulnerable to SQL injection

Product: PayPal Credit Card and Debit Card Payment

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33960

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33974

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products

CVE-2024-7519 - Firefox, Thunderbird, and their extended support releases are vulnerable to memory corruption and potential sandbox escape due to insufficient checks in processing graphics shared memory.

Product: Mozilla Firefox

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7519

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1902307

- https://www.mozilla.org/security/advisories/mfsa2024-33/

- https://www.mozilla.org/security/advisories/mfsa2024-34/

- https://www.mozilla.org/security/advisories/mfsa2024-35/

- https://www.mozilla.org/security/advisories/mfsa2024-37/

- https://www.mozilla.org/security/advisories/mfsa2024-38/

CVE-2024-30170 - PrivX before version 34.0 is vulnerable to data exfiltration and denial of service through the REST API, fixed in subsequent versions.

Product: SSH Privx

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30170

NVD References:

- https://info.ssh.com/improper-input-validation-faq

- https://privx.docs.ssh.com/docs/security

CVE-2024-33897 - HMS Networks Cosy+ devices are vulnerable to enabling availability issues by requesting unauthorized Certificate Signing Requests from Talk2m.

Product: Hms-Networks Ewon Cosy+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33897

NVD References:

- https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/

- https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf

- https://www.ewon.biz/products/cosy/ewon-cosy-wifi

- https://www.hms-networks.com/cyber-security

CVE-2024-23483 - Zscaler Client Connector on MacOS <4.2 is vulnerable to OS Command Injection due to an Improper Input Validation flaw.

Product: Zscaler Client Connector

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23483

NVD References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2

CVE-2024-39225 through CVE-2024-39225 - Multiple Vulnerabilities in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

Product: GL-iNet MT6000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39225

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39226

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39227

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39228

NVD References:

- http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com

- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md

- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md

- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md

- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md

CVE-2024-41616 - D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.

Product: D-Link DIR-300

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41616

NVD References:

- https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616

- https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md

CVE-2024-43111 - Firefox for iOS version < 129 is vulnerable to potential Javascript command execution by long pressing on a download link.

Product: Mozilla Firefox for iOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43111

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1874907

- https://www.mozilla.org/security/advisories/mfsa2024-36/

CVE-2024-28740 - Koha ILS 23.05 and earlier versions are vulnerable to Cross Site Scripting, allowing remote attackers to execute arbitrary code through additonal-contents.pl.

Product: Koha

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28740

NVD References:

- https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system/

- https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils/

CVE-2024-42393 & CVE-2024-42394 - Soft AP Daemon Service is vulnerable to unauthenticated RCE attacks, potentially leading to complete system compromise.

Product: Aruba Networks ArubaOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42393

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42394

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US

CVE-2024-42395 - AP Certificate Management Service is vulnerable to an unauthenticated RCE attack, potentially leading to complete system compromise.

Product: Aruba Networks ArubaOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42395

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US

CVE-2024-41270 - Gorush v1.18.4 is vulnerable to interception and data manipulation due to its use of deprecated TLS version in the RunHTTPServer function.

Product: Gorush

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41270

NVD References: https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc

CVE-2024-7532 - Google Chrome was vulnerable to out of bounds memory access in ANGLE prior to version 127.0.6533.99, which could lead to heap corruption when a remote attacker used a crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7532

ISC Diary: https://isc.sans.edu/diary/31164

NVD References:

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/350528343

CVE-2024-7533 - Google Chrome on iOS prior to version 127.0.6533.99 had a vulnerability that could allow remote attackers to exploit heap corruption via a crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7533

ISC Diary: https://isc.sans.edu/diary/31164

NVD References:

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/353552540

CVE-2024-7534 - Google Chrome was vulnerable to a remote attack through a crafted HTML page, potentially leading to heap corruption.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7534

ISC Diary: https://isc.sans.edu/diary/31164

NVD References:

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/352467338

CVE-2024-7535 - Google Chrome prior to version 127.0.6533.99 had a high severity vulnerability due to inappropriate implementation in V8, potentially allowing a remote attacker to exploit heap corruption via a crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7535

ISC Diary: https://isc.sans.edu/diary/31164

NVD References:

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/352690885

CVE-2024-7536 - Google Chrome's WebAudio vulnerability prior to version 127.0.6533.99 could be exploited by a remote attacker to corrupt the heap through a specially crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7536

ISC Diary: https://isc.sans.edu/diary/31164

NVD References: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html

NVD References: https://issues.chromium.org/issues/354847246

CVE-2024-7550 - Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7550

ISC Diary: https://isc.sans.edu/diary/31164

NVD References:

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/355256380

CVE-2024-36130 - Ivanti Endpoint Manager for Mobile (EPMM) prior to 12.1.0.1 is vulnerable to insufficient authorization, allowing unauthorized network attackers to execute arbitrary commands on the underlying operating system.

Product: Ivanti Endpoint Manager for Mobile (EPMM)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36130

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024

CVE-2024-7569 - Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier have an information disclosure vulnerability that allows attackers to obtain the OIDC client secret.

Product: Ivanti ITSM

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7569

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

CVE-2024-7593 - Ivanti Virtual Traffic Manager (vTM) versions prior to 22.2R1 and 22.7R2 are vulnerable to remote unauthenticated attackers bypassing admin panel authentication due to improper implementation of an authentication algorithm.

Product: Ivanti Virtual Traffic Manager (vTM)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7593

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

CVE-2024-42005 - Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15 are vulnerable to SQL injection in column aliases when using QuerySet.values() and values_list() on models with a JSONField.

Product: Djangoproject Django

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42005

NVD References:

- https://docs.djangoproject.com/en/dev/releases/security/

- https://groups.google.com/forum/#%21forum/django-announce

- https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

CVE-2024-7580 - Alien Technology ALR-F800 up to 19.10.24.00 is vulnerable to critical os command injection via manipulation of the argument uploadedFile in the file /admin/system.html, allowing remote attackers to launch attacks.

Product: Alien Technology ALR-F800 Firmware

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7580

NVD References:

- https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md

- https://vuldb.com/?ctiid.273860

- https://vuldb.com/?id.273860

- https://vuldb.com/?submit.382481

CVE-2024-7581 - Tenda A301 15.13.08.12 is susceptible to a critical vulnerability in the function formWifiBasicSet, allowing remote attackers to trigger a stack-based buffer overflow by manipulating the security argument.

Product: TendACN A301_Firmware 15.13.08.12

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7581

NVD References: https://github.com/BeaCox/IoT_vuln/tree/main/tenda/A301/WifiBasicSet_bof

CVE-2024-7582 & CVE-2024-7583 - Tenda i22 1.0.0.3(4687) critical buffer overflow vulnerabilities

Product: Tenda I22

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7582

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7583

NVD References: https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalAccessCodeAuth

NVD References: https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalOneKeyAuth

CVE-2024-34479 & CVE-2024-34480 - SourceCodester Computer Laboratory Management System 1.0 SQL injection vulnerabilities

Product: SourceCodester Computer Laboratory Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34479

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34480

NVD References: https://cxsecurity.com/issue/WLB-2024080004

NVD References: https://cxsecurity.com/issue/WLB-2024080003

CVE-2024-20450 & CVE-2024-20454 - Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones are vulnerable to remote attackers potentially executing arbitrary commands with root privileges due to improper error checking on incoming HTTP packets leading to buffer overflow exploitation.

Product: Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20450

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20454

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz

CVE-2024-41237 - Kashipara Responsive School Management System v1.0 is vulnerable to SQL injection through the "username" parameter in /smsa/teacher_login.php, allowing attackers to execute arbitrary SQL commands.

Product: Lopalopa Responsive School Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41237

NVD References:

- https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/SQL%20Injection%20-%20Teacher.pdf

- https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code

CVE-2024-40482 - Kashipara Live Membership System v1.0 has an unrestricted file upload vulnerability in "/Membership/edit_member.php" that permits attackers to execute arbitrary code by uploading a crafted PHP file.

Product: Kashipara Live Membership System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40482

NVD References: https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf

CVE-2024-40486 - Kashipara Live Membership System v1.0 is vulnerable to SQL injection in "/index.php," enabling remote attackers to execute SQL commands and bypass Login via email or password parameters.

Product: Kashipara Live Membership System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40486

NVD References:

- https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf

- https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code

CVE-2024-7350 - The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7, allowing unauthenticated attackers to log in as registered users, including administrators, if they have access to the user's email and the 'Auto login user after successful booking' setting is enabled.

Product: BookingPress Appointment Booking Calendar Plugin and Online Scheduling Plugin

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7350

NVD References:

- https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_customers.php#L339

- https://plugins.trac.wordpress.org/changeset/3130266/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_customers.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=cve

CVE-2024-42037 - Vulnerability of uncaught exceptions in the Graphics module

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Product: Huawei Graphics module

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42037

NVD References: https://consumer.huawei.com/en/support/bulletin/2024/8/

CVE-2024-42355 - Shopware has a vulnerability in its Twig Tag `sw_silent_feature_call` that allows code execution, update to version 6.6.5.1 or 6.5.8.13 for a patch.

Product: Shopware

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42355

NVD References:

- https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f

- https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2

- https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da

- https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac

- https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp

CVE-2024-42357 - Shopware's API search functionality allows for SQL injection via the `name` field in the `aggregations` object, fixed in versions 6.6.5.1 and 6.5.8.13, with patches available for older versions.

Product: Shopware

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42357

NVD References:

- https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9

- https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f

- https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b

- https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac

- https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752

CVE-2024-7490 - Microchip Technology Advanced Software Framework example DHCP server is vulnerable to remote code execution due to improper input validation, affecting versions through 3.52.0.2574 and requiring a provided workaround or migration to an actively maintained framework.

Product: Microchip Advanced Software Framework

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7490

NVD References: https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework

CVE-2024-42366 - VRCX prior to version 2024.03.23 is vulnerable to remote command execution due to a combination of over-permission in the CefSharp browser and cross-site scripting via overlay notification.

Product: VRCX VRChat

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42366

NVD References:

- https://github.com/vrcx-team/VRCX/commit/cd2387aa3289f936ce60049121c24b0765bd4180

- https://github.com/vrcx-team/VRCX/security/advisories/GHSA-j98g-mgjm-wqph

CVE-2024-22116 - Monitoring Hosts section in the product allows restricted administrators to exploit script execution functionality, enabling arbitrary code execution via Ping script without proper parameter escaping.

Product: SolarWinds Orion Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22116

NVD References: https://support.zabbix.com/browse/ZBX-25016

CVE-2024-28986 - SolarWinds Web Help Desk has a Java Deserialization Remote Code Execution vulnerability, potentially allowing attackers to run commands on the host machine.

Product: SolarWinds Web Help Desk

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28986

NVD References:

- https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1

- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986

CVE-2024-36461 - Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

Product: Zabbix

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36461

NVD References: https://support.zabbix.com/browse/ZBX-25018

CVE-2024-37023, CVE-2024-39791, CVE-2024-39815 - Multiple vulnerabilities in Vonets industrial wifi bridge relays and wifi bridge repeaters versions 3.3.23.6.9 and prior

Product: Vonets industrial wifi bridge relays and wifi bridge repeaters

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37023

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39791

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39815

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

CVE-2024-38989 - Izatop bunt v0.29.19 is vulnerable to prototype pollution in /esm/qs.js, allowing attackers to execute arbitrary code or cause a DoS by injecting properties.

Product: Izatop bunt

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38989

NVD References:

- https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b

- https://github.com/izatop/bunt/commit/c55201a8cee03e5282f99874dead988c80d31db7

CVE-2024-40477 - PHPGurukul Old Age Home Management System v1.0 is vulnerable to SQL injection via the "email" parameter in "/oahms/admin/forgot-password.php," allowing attackers to execute arbitrary SQL commands.

Product: PHPGurukul Old Age Home Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40477

NVD References:

- https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/SQL%20Injection.pdf

- https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/

CVE-2024-41476 - AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.

Product: AMTT Hotel Broadband Operation System (HiBOS)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41476

NVD References:

- https://gist.github.com/lidy4x1/3314fbd82c3d72831c16f9c47a9bfb11

- https://www.amttgroup.com/

CVE-2024-41570 - Havoc 2 0.7 is vulnerable to an unauthenticated SSRF that enables attackers to send malicious network traffic from the team server.

Product: Havoc 2.0.7

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41570

NVD References: https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

CVE-2024-42166 & CVE-2024-42167 - FIWARE Keyrock <= 8.4 vulnerabilities allow authenticated users to execute commands through malicious application names or by creating a malicious application.

Product: FIWARE Keyrock

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42166

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42167

NVD References: https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories

CVE-2024-42467 - openHAB's CometVisu add-on prior to version 4.2.1 allows for Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks, potentially leading to Remote Code Execution (RCE).

Product: openHAB CometVisu

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42467

NVD References:

- https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/backend/rest/ProxyResource.java#L83

- https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2

- https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3

CVE-2024-42469 - openHAB's CometVisu add-on prior to version 4.2.1 allows unauthenticated file system access and is susceptible to path traversal, granting an attacker the ability to overwrite files and potentially execute remote code.

Product: openHAB CometVisu

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42469

NVD References:

- https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2

- https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf

CVE-2024-7503 - The WooCommerce - Social Login plugin for WordPress allows unauthenticated attackers to log in as any existing user on the site, including administrators, through an authentication bypass vulnerability in versions up to 2.7.5.

Product: WooCommerce Social Login plugin

Active Installations: 8,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7503

NVD References:

- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin

- https://www.wordfence.com/threat-intel/vulnerabilities/id/f3b727ba-b39c-4a98-a6a6-ea33785079f6?source=cve

CVE-2024-7616 - Edimax IC-6220DC and IC-5150W up to 3.06 are susceptible to critical command injection via manipulation of the argument host in the cgiFormString function of the ipcam_cgi file.

Product: Edimax IC-6220DC and IC-5150W

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7616

NVD References:

- https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34

- https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4

CVE-2024-38530 - The Open eClass platform is vulnerable to an arbitrary file upload flaw in the H5P module, allowing unauthenticated users to upload files on the server's filesystem and potentially leading to unrestricted remote code execution.

Product: Open eClass

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38530

NVD References:

- https://github.com/gunet/openeclass/commit/4449cf8bed40fd8fc4b267a5726fab9f9fe5a191

- https://github.com/gunet/openeclass/security/advisories/GHSA-88c3-hp7p-grgg

CVE-2024-42479 - llama.cpp has a vulnerability in its `rpc_tensor` structure's `data` pointer which allows for arbitrary address writing, fixed in version b3561.

Product: BoonAI llama.cpp

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42479

NVD References:

- https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b

- https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj

CVE-2024-42520 - TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.

Product: Totolink A3002R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42520

NVD References: https://github.com/c10uds/totolink_A3002R_stackoverflow

CVE-2024-42543, CVE-2024-42545, CVE-2024-42546, & CVE-2024-42547 - TOTOLINK A3700R v9.1.2u.5822_B20200513 buffer overflow vulnerabilities

Product: Totolink A3700R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42543

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42545

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42546

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42547

NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/loginauth.md

NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg.md

NVD References: https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth_password.md

NVD References: https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3100R/loginauth.md

CVE-2024-6917 - Veribilim Software Veribase Order Management before v4.010.2 is vulnerable to OS Command Injection.

Product: Veribase Order Management

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6917

NVD References: https://www.usom.gov.tr/bildirim/tr-24-1105

CVE-2023-7249 - OpenText OpenText Directory Services is vulnerable to Path Traversal from version 16.4.2 to 24.1, allowing for improper limitation of a pathname to a restricted directory.

Product: OpenText Directory Services

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7249

NVD References: https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0807814

CVE-2024-42489 - Pro Macros allows remote code execution by exploiting missing escapings in the Viewpdf macro, affecting users with specific page permissions, and is fixed in version 1.10.1.

Product: Pro Macros XWiki

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42489

NVD References:

- https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267

- https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba

- https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65

CVE-2024-41475 - Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.

Product: Gnuboard g6

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41475

NVD References: https://gist.github.com/AkiaCode/7c878b1699931314246d6589d86b1e89

CVE-2024-43360 - ZoneMinder is susceptible to a time-based SQL Injection vulnerability, which has been addressed in versions 1.36.34 and 1.37.61.

Product: ZoneMinder

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43360

NVD References:

- https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a

- https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6

- https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397

- https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5

- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj

CVE-2024-7094 - The JS Help Desk plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in versions up to 2.8.6 via the 'storeTheme' function, allowing unauthenticated attackers to execute code on the server.

Product: JS Help Desk The Ultimate Help Desk & Support Plugin

Active Installations: 5,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7094

NVD References:

- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/css/style.php

- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/formhandler.php

- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/controller.php

- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/model.php

- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/tpls/admin_themes.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=cve

CVE-2024-41730 - SAP BusinessObjects Business Intelligence Platform is vulnerable to unauthorized users obtaining logon tokens through a REST endpoint, leading to a full compromise of the system and high impact on confidentiality, integrity, and availability.

Product: AP BusinessObjects Business Intelligence Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41730

NVD References:

- https://me.sap.com/notes/3479478

- https://url.sap/sapsecuritypatchday

CVE-2024-41940 - SINEC NMS (All versions < V3.0) allows authenticated attackers to execute OS commands with elevated privileges due to inadequate user input validation in the privileged command queue.

Product: SINEC NMS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41940

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-784301.html

CVE-2024-43121 - Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.

Product: WordPress HUSKY plug-in

Active Installations: 100,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43121

NVD References: https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-6-1-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-37287 - Kibana is vulnerable to a prototype pollution flaw that can be exploited for arbitrary code execution by an attacker with specific access rights.

Product: Elastic Kibana

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37287

NVD References: https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/

CVE-2024-43141 - Participants Database by Roland Barker, xnau webdesign is vulnerable to deserialization of untrusted data, allowing for object injection in versions from n/a through 2.5.9.2.

Product: WordPress Participants Database Plugin

Active Installations: 9,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43141

NVD References: https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-9-2-php-object-injection-vulnerability?_s_id=cve

CVE-2024-43153 - Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation. This issue affects Woffice from n/a through 5.4.10.

Product: WofficeIO Woffice

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43153

NVD References: https://patchstack.com/database/vulnerability/woffice/wordpress-woffice-theme-5-4-10-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-43160 - Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP from n/a through 1.7.6.

Product: BerqWP

Active Installations: 900+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43160

NVD References: https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

The following vulnerability needs a manual review:

Manual Review Needed:

CVE-2024-38222 - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability