ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft September 2024 Patch Tuesday
Published: 2024-09-10.
Last Updated: 2024-09-10 17:59:45 UTC
by Johannes Ullrich (Version: 1)
Today, Microsoft released its scheduled September set of patches. This update addresses 79 different vulnerabilities. Seven of these vulnerabilities are rated critical. Four vulnerabilities are already being exploited and have been made public.
Noteworthy Vulnerabilities:
CVE-2024-43491: This is a "downgrade" vulnerability. An attacker can remove previously applied patches and exploit older vulnerabilities. This issue only affects Windows 10 Version 1507, which is EOL. It appears to differ from the similar vulnerabilities (CVE-2024-38202 and CVE-2024-21302) made public by Alon Leviev during Black Hat this year. These two vulnerabilities appear to remain unpatched.
CVE-2024-38014: A Windows Installer issue could lead to attackers gaining System access.
CVE-2024-38217: Yet another "Mark of the Web" bypass that is already exploited and could be used to trick a victim into installing malware.
CVE-2024-38226: Similar to the above vulnerability, a security feature bypass in Publisher.
Microsoft also patched four remote code execution vulnerabilities in SharePoint, but the lower CVSS score indicates that exploitation will require access and specific prerequisites.
CVE-2024-38119: A critical vulnerability in the Windows NAT code. The low CVSS score is likely because this is not enabled by default.
https://isc.sans.edu/diary/Microsoft+September+2024+Patch+Tuesday/31254/
Attack Surface [Guest Diary]
Published: 2024-09-04.
Last Updated: 2024-09-05 01:15:09 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Joshua Tyrrell, an ISC intern as part of the SANS.edu BACS program]
Managing the Attack Surface
You’ve begun the journey of reviewing your IT infrastructure and attempting to figure out how to protect yourself from those who might not have the greatest intentions. That’s great! Stop yourself though, before you get too far into the weeds of the different technologies available to you to defend yourself. Before you get to that point, there are some details that need to be fleshed out. Let’s have a look:
What industry are you in? Depending on the service provided, you may already have a baseline that you need to be at, provided to you by those who came before you and have danced with those who mean you harm.
Where and who do you do business with? If you’re a utility provider in Topeka, Kansas, does it make sense to have your online presence available to the general public outside of the Continental United States? Think about the potential risk versus limiting access to those who need to manage it.
What does your organization actually need to be successful? What data do you actually need to survive, what devices are necessary, what software will get you to where you need to be?
These are all pertinent questions to either scaling up or scaling down your attack surface and working towards having chaos-free Friday nights.
Fortify the Exterior Walls
Defense-in-Depth is the name of the game in the 21st Century, but that doesn’t mean we shouldn’t be doing what we can to make sure the perimeter walls are as imposing as possible. You use firewalls, yes, but are you using them to their maximum potential? Modern firewalls allow for geo-blocking, which is the blocking of traffic based on IP addresses correlated to countries. These databases are updated somewhat regularly, so there is maintenance to be done on your firewalls to make sure they’re up to date. If you’d like even stronger evidence for using geo-blocking, search for “Top 10 Countries where cyber attacks originate”. Lists have been generated by teams across the world to show where many of the world’s cyber criminals are calling home. Now though, what if you do have a business partner that resides in one of those countries that you may not want traffic widely from? Easy enough, create an exception for their ASN in the geo-fence.
Another tool at your disposal is reputation filtering. This process allows your firewall to reference the IP of either source or destination and forward or drop the packet as per the policy. This can be highly effective at reducing the amount of potentially malicious traffic that is not initially blocked by your geo-fence. Take heed though: Cloud Service Providers may be unintentionally flagged and dropped due to the nature of their business model. There is a way to help you navigate this mystery though, and that is to simply look at who the largest CSPs are, and weigh that against historical traffic to your assets. You may want to allow AWS, Azure, GCP, and even DigitalOcean, but how about that small-time server farm in Seychelles? Or the Netherlands? Those you can probably block outright, after considering those initial questions we talked about earlier.
https://isc.sans.edu/diary/Attack+Surface+Guest+Diary/31232/
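The evaluation order described in this diary (geo-fence with an ASN exception, then reputation filtering with an allowance for large cloud providers) can be modelled in a few lines. This is an added Python example, not code from the diary or from any firewall product; the prefixes are documentation ranges, the ASNs are documentation ASNs, and the country code `ZZ`, the `Policy` fields and the reason strings are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation prefixes and documentation ASNs.
# A real deployment would load a GeoIP/ASN database and a reputation feed,
# both of which go stale and need regular updates.
GEO_ASN_TABLE = [
    ("198.51.100.0/24", "ZZ", 64500),   # blocked country, business partner's ASN
    ("203.0.113.0/24", "ZZ", 64501),    # blocked country, no exception
    ("192.0.2.0/24", "US", 64502),      # large cloud provider (placeholder ASN)
    ("2001:db8:1::/48", "US", 64503),   # small hosting provider
]
REPUTATION_FEED = ["198.51.100.192/28", "192.0.2.0/26", "2001:db8:1::/64"]


@dataclass(frozen=True)
class Policy:
    blocked_countries: frozenset   # the geo-fence
    partner_asns: frozenset        # exceptions to the geo-fence only
    trusted_csp_asns: frozenset    # not dropped on a reputation hit alone


POLICY = Policy(frozenset({"ZZ"}), frozenset({64500}), frozenset({64502}))


def lookup(ip, table=GEO_ASN_TABLE):
    """Longest-prefix match; returns (country, asn) or (None, None)."""
    best = None
    for prefix, country, asn in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, country, asn)
    return (best[1], best[2]) if best else (None, None)


def decide(policy, src, feed=REPUTATION_FEED):
    """Return (action, reason) for a source address."""
    ip = ipaddress.ip_address(src)
    country, asn = lookup(ip)

    # Stage 1: geo-fence. The partner ASN exception lifts the geo-block
    # only; it does not exempt the source from later stages.
    if country in policy.blocked_countries:
        if asn not in policy.partner_asns:
            return ("drop", "geo-block")
        geo_note = "partner-asn-exception"
    else:
        geo_note = "geo-ok"

    # Stage 2: reputation. Shared cloud address space is often listed
    # because of other tenants, so a hit on a trusted CSP is not dropped.
    listed = any(ip in ipaddress.ip_network(n) for n in feed)
    if listed and asn in policy.trusted_csp_asns:
        return ("allow", "reputation-hit-on-trusted-csp")
    if listed:
        return ("drop", "reputation")
    return ("allow", geo_note)


if __name__ == "__main__":
    for src in ("198.51.100.7", "198.51.100.200", "203.0.113.9",
                "192.0.2.50", "192.0.2.200", "2001:db8:1::5"):
        print(src, decide(POLICY, src))
```

Logging the `reputation-hit-on-trusted-csp` decisions gives the historical traffic data the diary suggests weighing before deciding which providers stay on the trusted list.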
Scans for Moodle Learning Platform Following Recent Update
Published: 2024-09-04.
Last Updated: 2024-09-04 14:37:39 UTC
by Johannes Ullrich (Version: 1)
On August 10th, the popular learning platform "Moodle" released an update fixing CVE-2024-43425. RedTeam Pentesting found the vulnerability and published a detailed blog post late last week. The blog post demonstrates in detail how a user with the "trainer" role could execute arbitrary code on the server. A trainer would have to publish a "calculated question". These questions are generated dynamically by evaluating a formula. Sadly, the formula was evaluated using PHP's "eval" command. As pointed out by RedTeam Pentesting, "eval" is a very dangerous command to use and should be avoided if at all possible. This applies not only to PHP but to most languages (also see my video about command injection vulnerabilities). As I usually say: "eval is only one letter away from evil".
The exploit does require the attacker to be able to publish questions. However, Moodle is used by larger organizations like universities. An attacker may be able to obtain credentials as a "trainer" via brute forcing or credential stuffing.
I got pointed to "Moodle" after seeing this URL in our "First Seen" list of newly accessed URLs ...
https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230/
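The alternative to passing a user-supplied formula to "eval" is to parse it and evaluate only an allowlist of arithmetic nodes. The following is an added Python example of that approach, in line with the diary's remark that the advice applies to most languages; it is not Moodle's code or its fix, and the `{name}` placeholder syntax, the function allowlist and the numeric limits are assumptions.

```python
import ast
import math
import operator
import re

BINARY_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
              ast.Mult: operator.mul, ast.Div: operator.truediv,
              ast.Pow: operator.pow}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
FUNCTIONS = {"sqrt": math.sqrt, "abs": abs, "min": min, "max": max}
PLACEHOLDER = re.compile(r"\{([A-Za-z][A-Za-z0-9]*)\}")
MAX_FORMULA_LENGTH = 200   # assumed limits, chosen for the example
MAX_EXPONENT = 32
MAX_MAGNITUDE = 10 ** 15


class FormulaError(ValueError):
    """Raised for anything outside the arithmetic allowlist."""


def _bounded(value):
    # Keep every intermediate result a finite real number of modest size,
    # so nested powers cannot be used to exhaust CPU or memory.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise FormulaError("non-numeric result")
    if abs(value) > MAX_MAGNITUDE or not math.isfinite(value):
        raise FormulaError("result out of range")
    return value


def _walk(node, variables):
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return _bounded(node.value)
    if isinstance(node, ast.Name) and node.id.startswith("var_"):
        name = node.id[4:]
        if name not in variables:
            raise FormulaError(f"unknown variable {{{name}}}")
        return _bounded(variables[name])
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return _bounded(UNARY_OPS[type(node.op)](_walk(node.operand, variables)))
    if isinstance(node, ast.BinOp) and type(node.op) in BINARY_OPS:
        left, right = _walk(node.left, variables), _walk(node.right, variables)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise FormulaError("exponent too large")
        return _bounded(BINARY_OPS[type(node.op)](left, right))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in FUNCTIONS and not node.keywords):
        args = [_walk(arg, variables) for arg in node.args]
        return _bounded(FUNCTIONS[node.func.id](*args))
    # Attribute access, subscripts, other calls, strings, lambdas, ...
    raise FormulaError(f"disallowed syntax: {type(node).__name__}")


def evaluate_formula(formula, variables):
    """Evaluate an arithmetic formula without ever calling eval()."""
    if len(formula) > MAX_FORMULA_LENGTH:
        raise FormulaError("formula too long")
    # {a} becomes the identifier var_a; values are bound during the walk
    # and are never spliced into source text.
    expr = PLACEHOLDER.sub(lambda m: "var_" + m.group(1), formula.strip())
    try:
        tree = ast.parse(expr, mode="eval")
        return _walk(tree.body, variables)
    except FormulaError:
        raise
    except (SyntaxError, ValueError, TypeError, ArithmeticError,
            RecursionError) as exc:
        raise FormulaError(f"invalid formula: {exc}") from exc


def rejects(formula, variables=None):
    """True if the evaluator refuses the formula."""
    try:
        evaluate_formula(formula, variables or {})
    except FormulaError:
        return True
    return False


if __name__ == "__main__":
    print(evaluate_formula("{a} + {b} * 2", {"a": 3, "b": 4}))
    print(rejects("{a}.__class__", {"a": 1}))
```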
Wireshark 4.4's IP Address Functions (2024.09.09)
https://isc.sans.edu/diary/Wireshark+44s+IP+Address+Functions/31250/
Password Cracking & Energy: More Details (2024.09.08)
https://isc.sans.edu/diary/Password+Cracking+Energy+More+Dedails/31242/
Python & Notepad++ (2024.09.07)
https://isc.sans.edu/diary/Python+Notepad/31240/
Enrichment Data: Keeping it Fresh (2024.09.06)
https://isc.sans.edu/diary/Enrichment+Data+Keeping+it+Fresh/31236/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Microsoft Windows 10
CVSS Score: 9.8
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43491
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491
Product: Microsoft Windows Installer
CVSS Score: 7.8
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38014
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014
Product: Microsoft Publisher
CVSS Score: 7.3
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38226
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
Product: Microsoft Windows Mark of the Web
CVSS Score: 5.4
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38217
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217
Product: Progress LoadMaster
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7591
ISC Podcast: https://isc.sans.edu/podcastdetail/9132
NVD References: https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
Product: Microsoft Azure Stack Hub
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38220
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220
Product: Rems Contact Manager With Export To Vcf
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8380
NVD References: https://github.com/jadu101/CVE/blob/main/SourceCodester_Contact_Manager_delete_contact_sqli.md
Product: VMware Fusion
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38811
ISC Podcast: https://isc.sans.edu/podcastdetail/9124
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
Product: SeaCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44921
NVD References: https://github.com/nn0nkey/nn0nkey/blob/main/CVE-2024-44921.md
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8381
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8384
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8385
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8387
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8389
NVD References: https://www.mozilla.org/security/advisories/mfsa2024-39/
NVD References: https://www.mozilla.org/security/advisories/mfsa2024-40/
NVD References: https://www.mozilla.org/security/advisories/mfsa2024-41/
NVD References: https://www.mozilla.org/security/advisories/mfsa2024-43/
NVD References: https://www.mozilla.org/security/advisories/mfsa2024-44/
Product: SAMPA AKOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4259
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1377
Product: Progress OpenEdge
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7345
NVD References: https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication
Product: OneSoftNet SudoBot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45307
NVD References: https://github.com/onesoft-sudo/sudobot/commit/ef46ca98562f3c1abef4ff7dd94d8f7b8155ee50
NVD References: https://github.com/onesoft-sudo/sudobot/security/advisories/GHSA-crgg-w3rr-r9h4
Product: PingCAP TiDB
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41433
NVD References:
- https://gist.github.com/ycybfhb/eec3a1eefe4c85eb22f1bca6114359a1
Product: RECANTHA Pi Camera
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44809
NVD References:
- https://github.com/recantha/camera-pi/blob/ef018d212288cb16404f0b050593d20f0dc0467b/www/tilt.php#L4
- https://jacobmasse.medium.com/cve-2024-44809-remote-code-execution-in-raspberry-pi-camera-project-4b8e3486a628
CVE-2024-45443 - Directory traversal vulnerability in the cust module
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Product: Huawei Emui
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45443
NVD References: https://consumer.huawei.com/en/support/bulletin/2024/9/
CVE-2024-7950 - The WP Job Portal plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation, allowing unauthenticated attackers to execute arbitrary code and create user accounts with Administrator privileges.
Product: WP Job Portal plugin for WordPress
Active Installations: 6,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7950
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/formhandler.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/includer.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/wpjobportal-hooks.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/configuration/controller.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/user/controller.php
- https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/user/tmpl/views/frontend/form-field.php
- https://plugins.trac.wordpress.org/changeset/3138675/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1d5275-3398-47a7-889b-4050ebe635ee?source=cve
CVE-2024-34657 - Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.
Product: Samsung Notes
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34657
NVD References: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09
CVE-2024-6926 - The Viral Signup WordPress plugin is vulnerable to SQL injection due to improper sanitisation of parameters in an AJAX action accessible to unauthenticated users.
Product: WordPress Viral Signup
Active Installations: 60+ (this plugin is closed)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6926
NVD References: https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/
CVE-2024-45195 - Apache OFBiz is vulnerable to a direct request ('Forced Browsing') issue before version 18.12.16, which can be fixed by upgrading to the latest release.
Product: Apache OFBiz
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45195
ISC Podcast: https://isc.sans.edu/podcastdetail/9128
NVD References:
- https://issues.apache.org/jira/browse/OFBIZ-13130
- https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/security.html
CVE-2024-45507 - Apache OFBiz is vulnerable to Server-Side Request Forgery (SSRF) and Code Injection before version 18.12.16.
Product: Apache OFBiz
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45507
NVD References:
- https://issues.apache.org/jira/browse/OFBIZ-13132
- https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/security.html
CVE-2024-8289 - The MultiVendorX plugin for WordPress is vulnerable to privilege escalation and account takeover, allowing unauthenticated attackers to change passwords and roles of users with the vendor role.
Product: MultiVendorX
Active Installations: 5,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8289
NVD References:
- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L382
- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L641
- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L705
- https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/trunk/api/class-mvx-rest-vendors-controller.php?rev=3145638
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=cve
CVE-2024-44400 - D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.
Product: D-Link DI-8400
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44400
NVD References:
- https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/CVE-2024-44400
- https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md
CVE-2024-7012 - Foreman is vulnerable to an authentication bypass due to a configuration issue with Apache's mod_proxy, potentially granting unauthorized administrative access.
Product: RedHat Satellite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7012
NVD References:
- https://access.redhat.com/errata/RHSA-2024:6335
- https://access.redhat.com/errata/RHSA-2024:6336
- https://access.redhat.com/errata/RHSA-2024:6337
- https://access.redhat.com/security/cve/CVE-2024-7012
- https://bugzilla.redhat.com/show_bug.cgi?id=2299429
CVE-2024-7923 - Pulpcore is vulnerable to an authentication bypass issue when deployed with Gunicorn versions before 22.0, allowing unauthorized users to potentially gain administrative access.
Product: Redhat Satellite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7923
NVD References:
- https://access.redhat.com/errata/RHSA-2024:6335
- https://access.redhat.com/errata/RHSA-2024:6336
- https://access.redhat.com/errata/RHSA-2024:6337
- https://access.redhat.com/security/cve/CVE-2024-7923
- https://bugzilla.redhat.com/show_bug.cgi?id=2305718
CVE-2024-8408 - Linksys WRT54G 4.21.5 is vulnerable to a critical stack-based buffer overflow in the POST Parameter Handler component, allowing for remote attacks.
Product: Linksys WRT54G
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8408
NVD References:
- https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md
CVE-2024-7076 & CVE-2024-7078 - Semtek Sempos SQL Injection vulnerabilities through July 31, 2024.
Product: Semtekyazilim Semtek Sempos
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7076
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7078
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1396
CVE-2024-44808 - Vypor Attack API System v.1.0 allows remote attackers to execute arbitrary code via user GET parameter.
Product: Vypor Attack API System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44808
NVD References:
- https://github.com/Vypor/Vypors-Attack-API-System
- https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595
CVE-2024-45076 - IBM webMethods Integration 10.15 allows an authenticated user to upload and execute arbitrary files on the underlying operating system.
Product: IBM WebMethods Integration
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45076
NVD References: https://www.ibm.com/support/pages/node/7167245
CVE-2024-20439 - Cisco Smart Licensing Utility has a vulnerability that lets an unauthenticated, remote attacker access an affected system using a static administrative credential.
Product: Cisco Smart Licensing Utility
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20439
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
CVE-2024-8415 & CVE-2024-8416 - SourceCodester Food Ordering Management System 1.0 critical SQL injection flaws
Product: Oretnom23 Food Ordering Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8415
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8416
NVD References: https://github.com/Niu-zida/cve/blob/main/sql.md
NVD References: https://github.com/SherlockMA0/cve/blob/main/sql2.md
CVE-2024-43102 - FreeBSD is vulnerable to concurrent removals of certain anonymous shared memory mappings, which can result in premature object destruction and potentially lead to kernel panics, Use-After-Free attacks, and code execution.
Product: Freebsd FreeBSD 14.1
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43102
NVD References: https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc
CVE-2024-8463 - PHPGurukul Job Portal 1.0 is vulnerable to file upload restriction bypass, enabling an authenticated user to execute remote code execution (RCE) using a webshell.
Product: PHPGurukul Job Portal
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8463
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-job-portal
CVE-2024-42885 - ESAFENET CDG 5.6 and before is vulnerable to SQL Injection, enabling attackers to run arbitrary code through the id parameter in the data.jsp page.
Product: ESAFENET CDG
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42885
NVD References: https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b
CVE-2024-24759 - MindsDB was vulnerable to DNS Rebinding prior to version 23.12.4.2, allowing threat actors to bypass server-side request forgery protection and potentially cause denial of service.
Product: MindsDB
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24759
NVD References:
- https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b
- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr
CVE-2024-44727 - Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
Product: Angeljudesuarez Event Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44727
NVD References: https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Sourcecodehero%20Event%20Management%20System/CVE-2024-44727.MD
CVE-2024-45158 - Mbed TLS 3.6 before 3.6.1 is vulnerable to a stack buffer overflow in mbedtls_ecdsa functions when bits parameter exceeds supported curve sizes, affecting all values of bits in certain configurations with PSA disabled.
Product: Mbed TLS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45158
NVD References:
- https://github.com/Mbed-TLS/mbedtls/releases/
- https://mbed-tls.readthedocs.io/en/latest/security-advisor…
Product: Oretnom23 Food Ordering Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8415
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8416
NVD References: https://github.com/Niu-zida/cve/blob/main/sql.md
NVD References: https://github.com/SherlockMA0/cve/blob/main/sql2.md
Product: Freebsd FreeBSD 14.1
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43102
NVD References: https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc
Product: PHPGurukul Job Portal
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8463
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-job-portal
Product: ESAFENET CDG
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42885
NVD References: https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b
Product: MindsDB
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24759
NVD References:
- https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b
- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr
Product: Angeljudesuarez Event Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44727
NVD References: https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Sourcecodehero%20Event%20Management%20System/CVE-2024-44727.MD
Product: Mbed TLS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45158
NVD References:
- https://github.com/Mbed-TLS/mbedtls/releases/
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
Product: FlyCASS CASS and KCM systems
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8395
NVD References: https://ian.sh/tsa
Product: WP-Recall Registration
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8292
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/rcl-functions.php#L1339
Product: WordPress WPCOM Member plugin
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7493
NVD References:
- https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.5.2/includes/form-validation.php#L267
Product: D-Link DI-8100G
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44401
NVD References:
- https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/CVE-2024-44401
- https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/D-link_DI_8100GA1_Command_Injection.md
CVE-2024-44402 - D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
Product: D-Link DI-8100G
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44402
NVD References:
- https://github.com/lonelylonglong/openfile-/blob/main/msp.md/CVE-2024-44402
- https://github.com/lonelylonglong/openfile-/blob/main/msp.md/msp.md
CVE-2024-45758 - H2O.ai H2O through 3.46.0.4 allows arbitrary setting of JDBC URL, enabling deserialization attacks, file reads, and command execution by attackers.
Product: H2O.ai H2O
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45758
NVD References:
- https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb
- https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068
CVE-2024-8517 - SPIP is vulnerable to a command injection issue, allowing remote attackers to execute arbitrary commands via a crafted HTTP request.
Product: SPIP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8517
NVD References:
- https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html
- https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/
- https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/
- https://vulncheck.com/advisories/spip-upload-rce
CVE-2024-44838, CVE-2024-44839, & CVE-2024-45771 - RapidCMS v1.3.1 was discovered to contain multiple SQL injection vulnerabilities
Product: RapidCMS v1.3.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44838
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44839
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45771
NVD References: https://github.com/OpenRapid/rapidcms/issues/17
NVD References: https://github.com/OpenRapid/rapidcms/issues/18
CVE-2024-8561 - SourceCodester PHP CRUD 1.0 is vulnerable to critical SQL injection through the deletion functionality in /endpoint/delete.php.
Product: Rems PHP CRUD
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8561
CVE-2024-8565 - SourceCodesters Clinics Patient Management System 2.0 is vulnerable to a critical SQL injection issue in /print_diseases.php that can be remotely exploited.
Product: Oretnom23 Clinics Patient Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8565
NVD References: https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-SQLi.md
CVE-2024-8567 - itsourcecode Payroll Management System 1.0 is vulnerable to a critical SQL injection attack through the /ajax.php?action=delete_deductions file, allowing remote attackers to manipulate the id argument.
Product: Payroll Management System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8567
NVD References:
- https://github.com/ppp-src/ha/issues/8
- https://itsourcecode.com/
CVE-2024-8569 - Hospital Management System 1.0 has a critical vulnerability in user-login.php allowing for remote SQL injection attacks via the username argument.
Product: Fabianros Hospital Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8569
NVD References:
- https://code-projects.org/
- https://github.com/teachersongsec/cve/issues/1
CVE-2024-6924 - The TrueBooker WordPress plugin before 1.0.3 is vulnerable to SQL injection due to improper sanitisation of parameters in an AJAX action accessible by unauthenticated users.
Product: TrueBooker WordPress plugin
Active Installations: 300+ (this plugin is closed)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6924
NVD References: https://wpscan.com/vulnerability/39e79801-6ec7-4579-bc6b-fd7e899733a8/
CVE-2024-6928 - The Opti Marketing WordPress plugin is vulnerable to SQL injection due to unauthenticated users being able to exploit an AJAX action.
Product: Opti Marketing WordPress Plugin
Active Installations: 40+ (this plugin has been closed as of August 8, 2024 and is not available for download)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6928
NVD References: https://wpscan.com/vulnerability/7bb9474f-2b9d-4856-b36d-a43da3db0245/
CVE-2024-8579 - TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 is vulnerable to a critical buffer overflow in the setWiFiRepeaterCfg function of /cgi-bin/cstecgi.cgi, allowing remote attackers to initiate attacks using a manipulated password argument.
Product: TOTOLINK AC1200 T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8579
NVD References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiRepeaterCfg.md
CVE-2024-8584 - Orca HCM from LEARNING DIGITAL is susceptible to unauthorized access, enabling a remote attacker to create an admin account and gain login privileges.
Product: LEARNING DIGITAL Orca HCM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8584
NVD References:
- https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html
- https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html
CVE-2024-37288 - Kibana has a deserialization vulnerability that allows for arbitrary code execution when processing specially crafted YAML payloads, …
Product: Elastic Kibana
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37288
NVD References: https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Product: Joplin note taking and to-do application
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40643
NVD References:
- https://github.com/laurent22/joplin/commit/b220413a9b5ed55fb1f565ac786a5c231da8bc87
- https://github.com/laurent22/joplin/security/advisories/GHSA-g796-3g6g-jmmc
CVE-2024-44721 - SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.
Product: SeaCMS v13.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44721
NVD References: https://github.com/seacms-net/CMS/issues/23
CVE-2024-44849 - Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
Product: Qualitor checkAcesso
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44849
NVD References:
- https://blog.extencil.me/information-security/cves/cve-2024-44849
- https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file
CVE-2024-42500 - HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.
Product: HPE HP-UX System
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42500
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04697en_us&docLocale=en_US
CVE-2024-44902 - A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Product: ThinkPHP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44902
NVD References:
- https://github.com/fru1ts/CVE-2024-44902
CVE-2024-6795 - Connex health portal released before 8/30/2024 is susceptible to SQL injection, enabling unauthorized access to the database for an attacker to modify, disclose, and perform administrative tasks.
Product: Connex health portal
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6795
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01
CVE-2024-44410 & CVE-2024-44411 - D-Link DI-8300 v16.07.26A1 command injection vulnerabilities
Product: D-Link DI-8300
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44410
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44411
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44411
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1.md
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1-2.md
NVD References: https://www.dlink.com/en/security-bulletin/
CVE-2024-6342 - Zyxel NAS326 and NAS542 firmware versions through V5.21(AAZF.18)C0 and V5.21(ABAG.15)C0, respectively, are vulnerable to command injection via crafted HTTP POST requests.
Product: Zyxel NAS326 and NAS542 firmware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6342
CVE-2024-6596 - An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context.
Product: Endress+Hauser AG Multiple Products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6596
NVD References: https://cert.vde.com/en/advisories/VDE-2024-041
CVE-2024-33698 - SIMATIC Information Server 2022, SIMATIC Information Server 2024, SIMATIC PCS neo, SINEC NMS, and TIA Portal versions 16, 17, 18, and 19 are susceptible to a heap-based buffer overflow vulnerability in the integrated UMC component, enabling a remote attacker to execute arbitrary code.
Product: Siemens Totally Integrated Automation Portal (TIA Portal)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33698
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-039007.html
CVE-2024-35783 - SIMATIC BATCH V9.1, SIMATIC Information Server 2020, SIMATIC Information Server 2022, SIMATIC PCS 7 V9.1, SIMATIC Process Historian 2020, SIMATIC Process Historian 2022, SIMATIC WinCC Runtime Professional V18, SIMATIC WinCC Runtime Professional V19, SIMATIC WinCC V7.4, SIMATIC WinCC V7.5, and SIMATIC WinCC V8.0 are vulnerable to an elevation of privilege attack allowing an authenticated attacker to execute arbitrary OS commands with administrative privileges.
Product: Siemens SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35783
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
CVE-2024-45032 - Industrial Edge Management Pro and Industrial Edge Management Virtual versions prior to V1.9.5 and V2.3.1-1, respectively, are vulnerable to impersonation attacks due to improper validation of device tokens by affected components.
Product: Siemens Industrial Edge Management
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45032
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-359713.html
CVE-2024-40754 - Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0.
Product: Samsung Escargot JavaScript Engine
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40754
NVD References: https://github.com/Samsung/escargot/pull/1369
CVE-2023-37226, CVE-2023-37227, & CVE-2023-37231 - Loftware Spectrum multiple vulnerabilities
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37226 (Missing Authentication for a Critical Function)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37227 (Deserialization of Untrusted Data)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37231 (Hard-coded Password)
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
CVE-2024-44677 - Eladmin v2.7 and before is vulnerable to SSRF, enabling attackers to execute arbitrary code through DatabaseController.java.
Product: eladmin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44677
NVD References:
- https://github.com/elunez/eladmin
- https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md
CVE-2024-45593 - Nix package manager version 2.24 prior to 2.24.6 allows malicious users to write to arbitrary file system locations with root permissions.
Product: Nix package Manager
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45593
NVD References:
- https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
- https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
CVE-2024-38119 - Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
Product: Microsoft Windows Network Address Translation (NAT)
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38119
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38119
CVE-2024-44893 - An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows an attacker to escalate privileges via a crafted GET request.
Product: JimuSoftware JimuReport
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44893
NVD References: https://github.com/jeecgboot/JimuReport/issues/2904
CVE-2024-45409 - Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 allows an unauthenticated attacker to forge a SAML Response and log in as an arbitrary user.
Product: Ruby-SAML
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45409
NVD References:
- https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
- https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
CVE-2024-8503 - VICIdial is vulnerable to time-based SQL injection, allowing attackers to access plaintext credentials stored in the database.
Product: VICIdial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8503
NVD References:
- https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt
- https://www.vicidial.org/vicidial.php
CVE-2021-20124 - Draytek VigorConnect 1.6.0-B3 is vulnerable to local file inclusion in its WebServlet endpoint, allowing unauthenticated attackers to download files from the operating system with root privileges.
Product: Draytek VigorConnect 1.6.0
CVSS Score: 0
** KEV since 2024-09-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-20124
CVE-2017-1000253 - Linux distributions that have not patched their long-term kernels with commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 are vulnerable to an address mapping flaw in load_elf_binary() that could potentially allow for unauthorized access to memory.
Product: Linux Kernel
CVSS Score: 0
** KEV since 2024-09-09 **
Product: Qualitor checkAcesso
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44849
NVD References:
- https://blog.extencil.me/information-security/cves/cve-2024-44849
- https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file
CVE-2024-42500 - HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.
Product: HPE HP-UX System
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42500
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04697en_us&docLocale=en_US
CVE-2024-44902 - A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Product: ThinkPHP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44902
NVD References:
- https://github.com/fru1ts/CVE-2024-44902
CVE-2024-6795 - Connex health portal released before 8/30/2024 is susceptible to SQL injection, enabling unauthorized access to the database for an attacker to modify, disclose, and perform administrative tasks.
Product: Connex health portal
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6795
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01
CVE-2024-44410 & CVE-2024-44411 - D-Link DI-8300 v16.07.26A1 command injection vulnerabilities
Product: D-Link DI-8300
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44410
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44411
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44411
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1.md
NVD References: https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1-2.md
NVD References: https://www.dlink.com/en/security-bulletin/
CVE-2024-6342 - Zyxel NAS326 and NAS542 firmware versions through V5.21(AAZF.18)C0 and V5.21(ABAG.15)C0, respectively, are vulnerable to command injection via crafted HTTP POST requests.
Product: Zyxel NAS326 and NAS542 firmware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6342
CVE-2024-6596 - An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
Product: Endress+Hauser AG Multiple Products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6596
NVD References: https://cert.vde.com/en/advisories/VDE-2024-041
CVE-2024-33698 - SIMATIC Information Server 2022, SIMATIC Information Server 2024, SIMATIC PCS neo, SINEC NMS, and TIA Portal versions 16, 17, 18, and 19 are susceptible to a heap-based buffer overflow vulnerability in the integrated UMC component, enabling a remote attacker to execute arbitrary code.
Product: Siemens Totally Integrated Automation Portal (TIA Portal)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33698
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-039007.html
CVE-2024-35783 - SIMATIC BATCH V9.1, SIMATIC Information Server 2020, SIMATIC Information Server 2022, SIMATIC PCS 7 V9.1, SIMATIC Process Historian 2020, SIMATIC Process Historian 2022, SIMATIC WinCC Runtime Professional V18, SIMATIC WinCC Runtime Professional V19, SIMATIC WinCC V7.4, SIMATIC WinCC V7.5, and SIMATIC WinCC V8.0 are vulnerable to an elevation of privilege attack allowing an authenticated attacker to execute arbitrary OS commands with administrative privileges.
Product: Siemens SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35783
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
CVE-2024-45032 - Industrial Edge Management Pro and Industrial Edge Management Virtual versions prior to V1.9.5 and V2.3.1-1, respectively, are vulnerable to impersonation attacks due to improper validation of device tokens by affected components.
Product: Siemens Industrial Edge Management
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45032
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-359713.html
CVE-2024-40754 - Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
Product: Samsung Escargot JavaScript Engine
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40754
NVD References: https://github.com/Samsung/escargot/pull/1369
CVE-2023-37226, CVE-2023-37227, & CVE-2023-37231 - Loftware Spectrum multiple vulnerabilities
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37226 (Missing Authentication for a Critical Function)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37227 (Deserialization of Untrusted Data)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37231 (Hard-coded Password)
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
CVE-2024-44677 - Eladmin v2.7 and before is vulnerable to SSRF, enabling attackers to execute arbitrary code through DatabaseController.java.
Product: eladmin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44677
NVD References:
- https://github.com/elunez/eladmin
- https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md
CVE-2024-45593 - Nix package manager version 2.24 prior to 2.24.6 allows malicious users to write to arbitrary file system locations with root permissions.
Product: Nix package Manager
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45593
NVD References:
- https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
- https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
CVE-2024-38119 - Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
Product: Microsoft Windows Network Address Translation (NAT)
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38119
ISC Diary: https://isc.sans.edu/diary/31254
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38119
CVE-2024-44893 - An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request.
Product: JimuSoftware JimuReport
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44893
NVD References: https://github.com/jeecgboot/JimuReport/issues/2904
CVE-2024-45409 - Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 allows an unauthenticated attacker to forge a SAML Response and log in as an arbitrary user.
Product: Ruby-SAML
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45409
NVD References:
- https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
- https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
CVE-2024-8503 - VICIdial is vulnerable to time-based SQL injection, allowing attackers to access plaintext credentials stored in the database.
Product: VICIdial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8503
NVD References:
- https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt
- https://www.vicidial.org/vicidial.php
CVE-2021-20124 - Draytek VigorConnect 1.6.0-B3 is vulnerable to local file inclusion in its WebServlet endpoint, allowing unauthenticated attackers to download files from the operating system with root privileges.
Product: Draytek VigorConnect 1.6.0
CVSS Score: 0
** KEV since 2024-09-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-20124
CVE-2017-1000253 - Linux distributions that have not patched their long-term kernels with commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 are vulnerable to an address mapping flaw in load_elf_binary() that could potentially allow for unauthorized access to memory.
Product: Linux Kernel
CVSS Score: 0
** KEV since 2024-09-09 **
What do skateboards have in common with exploit intelligence? Patrick Garrity, Security Researcher and Evangelist at VulnCheck, recently spoke with Brian Contos, Sevco’s Chief Strategy Officer, to discuss threat actors, exploit trends, vulnerability scoring and prioritization frameworks, and using context to truly understand risk. Patrick also shows off his skateboard collection and halfpipe moves.
Webcast: SANS 2024 ICS/OT Survey: The State of ICS/OT Cybersecurity | Wednesday, October 9, 10:30 AM ET | SANS Certified Instructor, Jason Christopher, explores the growing trends in cyber threats, vulnerabilities, and risks across industrial environments, including actionable recommendations for how organizations can improve their security posture.
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Thursday, October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!