SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 37
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Python Infostealer Patching Windows Exodus App
Published: 2024-09-18.
Last Updated: 2024-09-18 07:43:00 UTC
by Xavier Mertens (Version: 1)
A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may handle sensitive information. Cryptocurrency wallets are another category of applications that are juicy for attackers. I spotted again an interesting malware that mimics an Exodus wallet by displaying a small GUI ...
https://isc.sans.edu/diary/Python+Infostealer+Patching+Windows+Exodus+App/31276/
Finding Honeypot Data Clusters Using DBSCAN: Part 2
Published: 2024-09-13.
Last Updated: 2024-09-13 14:45:14 UTC
by Jesse La Grew (Version: 1)
In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot. DBSCAN was very helpful to group similar commands, but it was also very useful when trying to determine whether commands from one honeypot were seen in another. How much overlap in attack data is there between honeypots? Is there any targeting based on the hosting location of the honeypot?
Once the data is separated into clusters and the appropriate EPS and Minsample values are selected, comparing the data in a table can help highlight differences ...
https://isc.sans.edu/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+2/31194/
Hygiene, Hygiene, Hygiene! [Guest Diary]
Published: 2024-09-11.
Last Updated: 2024-09-12 22:38:15 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Paul Olson, an ISC intern as part of the SANS.edu BACS program]
Introduction
Starting my internship with SANS Internet Storm Center was daunting from the aspect of being unsure of what to expect. Over the years I’ve completed several SANS courses and have become comfortable with that experience; there is a flow to the courses and the SANS instructors exceed my expectations. In this respect, the ISC Internship is a completely different animal; it presents a more hands-on learning opportunity, requires more self-reliance, and provides a greater element of unpredictability than I have found in SANS course labs. With more of the Internship work behind me than in front of me I can say that I have gotten more out of this internship than I have from other similar experiences.
Some of my concerns were about the ‘unknown unknowns’. Setting up the DShield honeypot [3] was straightforward exercise; my biggest worry was meeting the objectives of the Internship. Over the years that I have had broadband Internet I have periodically reviewed the logs generated by my home firewall. The firewall logs didn’t provide a wealth of information (event time, source and destination IP, protocol and ports involved, etc.). My concern became “How am I going to produce seven attack observation reports out of this? Who is going to bother with this device connected in a basement to a broadband network in North Dakota, US?”.
As it turns out that wasn’t going to be an issue. This newly-minted honeypot was remotely interacted with over 1,600 times from 169 distinct IP addresses on the first day; the device currently averages 17,000 probes daily. Reviewing the honeypot logs, one of the first lessons I learned from the Internship is that there are vast differences between a single-dimension firewall log and the level of detail in the data the honeypot captures when it is probed.
https://isc.sans.edu/diary/Hygiene+Hygiene+Hygiene+Guest+Diary/31260/
Internet Storm Center Entries
23:59, Time to Exfiltrate! (2024.09.17)
https://isc.sans.edu/diary/2359+Time+to+Exfiltrate/31272/
Managing PE Files With Overlays (2024.09.16)
https://isc.sans.edu/diary/Managing+PE+Files+With+Overlays/31268/
YARA-X's Dump Command (2024.09.15)
https://isc.sans.edu/diary/YARAXs+Dump+Command/31264/
YARA 4.5.2 Release (2024.09.14)
https://isc.sans.edu/diary/YARA+452+Release/31258/
Python Libraries Used for Malicious Purposes (2024.09.11)
https://isc.sans.edu/diary/Python+Libraries+Used+for+Malicious+Purposes/31248/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-43461 - Windows MSHTML Platform Spoofing Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 8.8
** KEV since 2024-09-16 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43461
ISC Podcast: https://isc.sans.edu/podcastdetail/9140
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461
CVE-2024-43491 - Servicing Stack in Windows 10 version 1507 has a vulnerability that could allow attackers to exploit previously mitigated vulnerabilities on systems with specific security updates installed.
Product: Microsoft Windows 10 1507
CVSS Score: 9.8
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43491
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491
CVE-2024-8190 - Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before is vulnerable to an OS command injection that allows a remote authenticated attacker to achieve remote code execution with admin level privileges.
Product: Ivanti Cloud Services Appliance
CVSS Score: 7.2
** KEV since 2024-09-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8190
ISC Podcast: https://isc.sans.edu/podcastdetail/9138
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
CVE-2024-29847 - Ivanti EPM before 2022 SU6, or the 2024 September update, is vulnerable to remote unauthenticated code execution through deserialization of untrusted data in the agent portal.
Product: Ivanti Endpoint Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29847
ISC Podcast: https://isc.sans.edu/podcastdetail/9138
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
CVE-2024-8191 - Ivanti EPM before 2022 SU6 or 2024 September update is vulnerable to SQL injection, enabling remote unauthenticated attackers to achieve remote code execution.
Product: Ivanti Endpoint Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8191
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 7.8
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38014
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014
CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability
Product: Microsoft Office
CVSS Score: 7.3
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38226
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 5.4
** KEV since 2024-09-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38217
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217
CVE-2024-6342 - Zyxel NAS326 and NAS542 firmware versions through V5.21(AAZF.18)C0 and V5.21(ABAG.15)C0, respectively, are vulnerable to command injection via crafted HTTP POST requests.
CVE-2024-6596 - An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
Product: Microsoft Windows
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6596
NVD References: https://cert.vde.com/en/advisories/VDE-2024-041
CVE-2024-39581 - Dell PowerScale InsightIQ, versions 5.0 through 5.1, has a vulnerability where external parties can access files or directories, allowing for unauthorized reading, modification, and deletion of files by remote attackers.
CVE-2024-39583 - Dell PowerScale InsightIQ versions 5.0 through 5.1 are vulnerable to a Use of a Broken or Risky Cryptographic Algorithm flaw, allowing unauthenticated attackers with remote access to potentially elevate privileges.
CVE-2024-33698 - SIMATIC Information Server 2022, SIMATIC Information Server 2024, SIMATIC PCS neo, SINEC NMS, and TIA Portal versions 16, 17, 18, and 19 are susceptible to a heap-based buffer overflow vulnerability in the integrated UMC component, enabling a remote attacker to execute arbitrary code.
Product: Siemens Totally Integrated Automation Portal (TIA Portal)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33698
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-039007.html
CVE-2024-35783 - SIMATIC BATCH V9.1, SIMATIC Information Server 2020, SIMATIC Information Server 2022, SIMATIC PCS 7 V9.1, SIMATIC Process Historian 2020, SIMATIC Process Historian 2022, SIMATIC WinCC Runtime Professional V18, SIMATIC WinCC Runtime Professional V19, SIMATIC WinCC V7.4, SIMATIC WinCC V7.5, and SIMATIC WinCC V8.0 are vulnerable to an elevation of privilege attack allowing an authenticated attacker to execute arbitrary OS commands with administrative privileges.
Product: Siemens SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35783
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
CVE-2024-45032 - Industrial Edge Management Pro and Industrial Edge Management Virtual versions prior to V1.9.5 and V2.3.1-1, respectively, are vulnerable to impersonation attacks due to improper validation of device tokens by affected components.
Product: Siemens Industrial Edge Management
CVSS Score: 10.0 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45032
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-359713.html
CVE-2024-40754 - Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
Product: Samsung Escargot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40754
NVD References: https://github.com/Samsung/escargot/pull/1369
CVE-2023-37226 - Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37226
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
CVE-2023-37227 - Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37227
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF13.htm
CVE-2023-37231 - Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
Product: Loftware Spectrum
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37231
NVD References:
- https://code-white.com/public-vulnerability-list/
- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm
CVE-2024-44677 - Eladmin v2.7 and before is vulnerable to SSRF, enabling attackers to execute arbitrary code through DatabaseController.java.
Product: Aladdin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44677
NVD References:
- https://github.com/elunez/eladmin
- https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md
CVE-2024-45593 - Nix package manager version 2.24 prior to 2.24.6 allows malicious users to write to arbitrary file system locations with root permissions.
Product: Nix
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45593
NVD References:
- https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
- https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
CVE-2024-38194 - An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
Product: Microsoft Azure Web Apps
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38194
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38194
CVE-2024-38216 & CVE-2024-38220 - Azure Stack Hub Elevation of Privilege Vulnerabilities
Product: Microsoft Azure Stack Hub
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38216
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38220
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38216
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220
CVE-2024-38225 - Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Product: Microsoft Dynamics 365 Business Central
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38225
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225
CVE-2024-38240 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38240
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38240
CVE-2024-43455 - Windows Remote Desktop Licensing Service Spoofing Vulnerability
Product: Microsoft Windows Server 2008
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43455
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43455
CVE-2024-44893 - An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request.
Product: JimuSoftware JimuReport
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44893
NVD References: https://github.com/jeecgboot/JimuReport/issues/2904
CVE-2024-45409 - Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 allows an unauthenticated attacker to forge a SAML Response and log in as an arbitrary user.
Product: Ruby-SAML
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45409
NVD References:
- https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
- https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
CVE-2024-43040 - Renwoxing Enterprise Intelligent Management System before v3.0 is vulnerable to SQL injection via the parid parameter at /fx/baseinfo/SearchInfo.
Product: Renwoxing Enterprise Intelligent Management System
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43040
NVD References: https://gist.github.com/X1lyS/75a8ea48c4997b683e8b41c94e79e5f9
CVE-2024-8503 - VICIdial is vulnerable to time-based SQL injection, allowing attackers to access plaintext credentials stored in the database.
Product: VICIdial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8503
NVD References:
- https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt
CVE-2019-25212 - The video carousel slider plugin for WordPress is vulnerable to SQL Injection in versions up to 1.0.6, allowing authenticated attackers to extract sensitive data.
Product: WordPress video carousel slider with lightbox plugin
Active Installations: 1,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25212
NVD References:
- https://wordpress.org/plugins/wp-responsive-video-gallery-with-lightbox
CVE-2024-8277 - The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as an administrator or any user with a valid user transient.
Product: WooCommerce Photo Reviews Premium (plugin)
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8277
NVD References:
- https://codecanyon.net/item/woocommerce-photo-reviews/21245349
CVE-2024-27114 - SO Planning online planning tool is vulnerable to unauthenticated Remote Code Execution (RCE) allowing attackers to upload and execute PHP files if public view setting is enabled, until version 1.52.02 was released to fix the issue.
Product: SO Planning online planning tool
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27114
NVD References: https://csirt.divd.nl/CVE-2024-27114
CVE-2024-44466 - COMFAST CF-XR11 V2.7.2 is vulnerable to command injection via POST requests to /usr/bin/webmgnt.
Product: Comfast CF-XR11
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44466
NVD References: https://github.com/CurryRaid/iot_vul/tree/main/comfast
CVE-2024-44541 - evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."
Product: evilnapsis Inventio Lite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44541
NVD References:
CVE-2024-28990 - SolarWinds Access Rights Manager (ARM) contains a hard-coded credential authentication bypass vulnerability that allows unauthorized access to the RabbitMQ management console.
Product: Solarwinds Access Rights Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28990
NVD References:
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990
CVE-2024-40457 - No-IP Dynamic Update Client (DUC) v3.x is vulnerable to cleartext credential exposure through command line arguments or in configuration files.
Product: No-IP Dynamic Update Client (DUC)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40457
NVD References:
- https://www.noip.com/support/knowledgebase/install-linux-3-x-dynamic-update-client-duc
- https://www.noip.com/support/knowledgebase/running-linux-duc-v3-0-startup-2
CVE-2024-45824 - IMPACT
Product: Nozomi Networks SCADAguardian
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45824
NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html
CVE-2024-2743 - GitLab-EE versions 13.3 to 17.3.2 allow unauthorized attackers to modify on-demand DAST scans and leak variables.
Product: GitLab-EE
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2743
NVD References:
CVE-2024-6678 - GitLab CE/EE allows an attacker to trigger a pipeline as an arbitrary user in versions 8.14 to 17.3.2.
Product: GitLab CE/EE
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6678
NVD References:
CVE-2024-8695 & CVE-2024-8696 - Docker Desktop is vulnerable to remote code execution.
Product: Docker Desktop
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8695
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8696
NVD References: https://docs.docker.com/desktop/release-notes/#4342
CVE-2024-34334 - ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
Product: ORDAT FOSS-Online
CVSS Score: 9.3 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34334
NVD References:
- https://mind-bytes.de/sql-injection-in-foss-online-cve-2024-34334/
CVE-2024-41874 - ColdFusion versions 2023.9, 2021.15 and earlier have a Deserialization of Untrusted Data vulnerability that allows arbitrary code execution without user interaction.
Product: Adobe ColdFusion 2021
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41874
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html
CVE-2024-44430 - Best Free Law Office Management Software-v1.0 is vulnerable to SQL Injection, allowing attackers to execute arbitrary code and access sensitive information through a crafted payload.
Product: Best Free Law Office Management Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44430
NVD References:
- https://blog.csdn.net/samwbs/article/details/140954482
- https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md
CVE-2024-8039 - Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
Product: AFMobi Boomplayer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8039
NVD References:
CVE-2024-8669 - The Backuply plugin for WordPress is vulnerable to SQL Injection, allowing authenticated attackers with administrator-level access to extract sensitive information from the database.
Product: The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress
Active Installations: 200,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8669
NVD References:
- https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1477
CVE-2024-8762 - Code-projects Crud Operation System 1.0 is vulnerable to a critical SQL injection attack through the argument sid in /updatedata.php, allowing for remote exploitation.
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8762
- https://github.com/Kangsiyuan/1/issues/1
CVE-2024-8868 - Code-projects Crud Operation System 1.0 is vulnerable to a critical sql injection issue in the file savedata.php through the argument sname.
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8868
- https://github.com/ppp-src/a/issues/7
CVE-2024-46918 - MISP allows org admins to view sensitive login fields of other org admins in the same org before version 2.4.198.
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918
NVD References:
- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
- https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198
CVE-2024-46942 - OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1 allows a controller with a follower role to configure flow entries in a clustering deployment.
Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/MDSAL-869
CVE-2024-46943 - OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3 allows a rogue controller to impersonate an offline peer by joining a cluster without possessing complete configuration information.
Product: OpenDaylight Authentication, Authorization and Accounting (AAA)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/AAA-285
CVE-2024-45694 & CVE-2024-45695 - Certain models of D-Link wireless routers are susceptible to Stack-based Buffer Overflow vulnerabilities, enabling unauthenticated remote attackers to execute arbitrary code on the device.
Product: Dlink Dir-X5460 and D-Link Dir-X4860
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695
NVD References:
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html
- https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html
- https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html
CVE-2024-45697 - D-Link wireless routers have a hidden telnet service vulnerability that allows unauthorized remote attackers to execute OS commands using hard-coded credentials.
Product: D-Link wireless routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697
NVD References:
- https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
- https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html
CVE-2024-22399 - Apache Seata is vulnerable to deserialization of untrusted data when authentication is disabled on the Seata-Server and the Seata client SDK dependencies are not used, allowing for the construction of malicious requests using bytecode based on the Seata private protocol.
Product: Apache Seata
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399
NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4
CVE-2024-46451 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451
NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md
CVE-2024-46419 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419
NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md
CVE-2024-46937 - MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to access user tokens without authentication by brute-forcing the serial parameter.
Product: MFASOFT Secure Authentication Server (SAS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937
NVD References:
- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server
CVE-2024-45496 - OpenShift is vulnerable to arbitrary command execution due to misuse of elevated privileges in the build process, allowing an attacker to escalate permissions on the worker node.
Product: Red Hat OpenShift
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-45496
- https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment Variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References: https://ptzoptics.com/firmware-changelog/
NVD References: https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
CVE-2024-8868 - Code-projects Crud Operation System 1.0 is vulnerable to a critical sql injection issue in the file savedata.php through the argument sname.
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8868
- https://github.com/ppp-src/a/issues/7
CVE-2024-46918 - MISP allows org admins to view sensitive login fields of other org admins in the same org before version 2.4.198.
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918
NVD References:
- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
- https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198
CVE-2024-46942 - OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1 allows a controller with a follower role to configure flow entries in a clustering deployment.
Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/MDSAL-869
CVE-2024-46943 - OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3 allows a rogue controller to impersonate an offline peer by joining a cluster without possessing complete configuration information.
Product: OpenDaylight Authentication, Authorization and Accounting (AAA)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
- https://doi.org/10.48550/arXiv.2408.16940
- https://lf-opendaylight.atlassian.net/browse/AAA-285
CVE-2024-45694 & CVE-2024-45695 - Certain models of D-Link wireless routers are susceptible to Stack-based Buffer Overflow vulnerabilities, enabling unauthenticated remote attackers to execute arbitrary code on the device.
Product: Dlink Dir-X5460 and D-Link Dir-X4860
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695
NVD References:
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html
- https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html
- https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html
CVE-2024-45697 - D-Link wireless routers have a hidden telnet service vulnerability that allows unauthorized remote attackers to execute OS commands using hard-coded credentials.
Product: D-Link wireless routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697
NVD References:
- https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
- https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html
CVE-2024-22399 - Apache Seata is vulnerable to deserialization of untrusted data when authentication is disabled on the Seata-Server and the Seata client SDK dependencies are not used, allowing for the construction of malicious requests using bytecode based on the Seata private protocol.
Product: Apache Seata
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399
NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4
CVE-2024-46451 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451
NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md
CVE-2024-46419 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419
NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md
CVE-2024-46937 - MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to access user tokens without authentication by brute-forcing the serial parameter.
Product: MFASOFT Secure Authentication Server (SAS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937
NVD References:
- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server
CVE-2024-45496 - OpenShift is vulnerable to arbitrary command execution due to misuse of elevated privileges in the build process, allowing an attacker to escalate permissions on the worker node.
Product: Red Hat OpenShift
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-45496
- https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment Variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References: https://ptzoptics.com/firmware-changelog/
NVD References: https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
CVE-2024-46918 - MISP allows org admins to view sensitive login fields of other org admins in the same org before version 2.4.198.
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918
NVD References:
- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
CVE-2024-46942 - OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1 allows a controller with a follower role to configure flow entries in a clustering deployment.
Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
CVE-2024-46943 - OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3 allows a rogue controller to impersonate an offline peer by joining a cluster without possessing complete configuration information.
Product: OpenDaylight Authentication, Authorization and Accounting (AAA)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943
NVD References:
- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
CVE-2024-45694 & CVE-2024-45695 - Certain models of D-Link wireless routers are susceptible to Stack-based Buffer Overflow vulnerabilities, enabling unauthenticated remote attackers to execute arbitrary code on the device.
Product: Dlink Dir-X5460 and D-Link Dir-X4860
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695
NVD References:
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html
CVE-2024-45697 - D-Link wireless routers have a hidden telnet service vulnerability that allows unauthorized remote attackers to execute OS commands using hard-coded credentials.
Product: D-Link wireless routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697
NVD References:
CVE-2024-22399 - Apache Seata is vulnerable to deserialization of untrusted data when authentication is disabled on the Seata-Server and the Seata client SDK dependencies are not used, allowing for the construction of malicious requests using bytecode based on the Seata private protocol.
Product: Apache Seata
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399
NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4
CVE-2024-46451 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451
NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md
CVE-2024-46419 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
Product: TOTOLINK T8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419
NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md
CVE-2024-46937 - MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to access user tokens without authentication by brute-forcing the serial parameter.
Product: MFASOFT Secure Authentication Server (SAS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937
NVD References:
- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server
CVE-2024-45496 - OpenShift is vulnerable to arbitrary command execution due to misuse of elevated privileges in the build process, allowing an attacker to escalate permissions on the worker node.
Product: Red Hat OpenShift
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-45496
- https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment Variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References: https://ptzoptics.com/firmware-changelog/
NVD References: https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.
Product: Red Hat Openshift/builder
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-7387
- https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment Variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References: https://ptzoptics.com/firmware-changelog/
NVD References: https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment Variable injection.
Product: Arduino arduino-esp32
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798
NVD References:
- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- https://securitylab.github.com/research/github-actions-untrusted-input
CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.
Product: PTZOptics PT30X-SDI/NDI-xx
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956
NVD References: https://ptzoptics.com/firmware-changelog/
NVD References: https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.
Product: highwarden Super Store Finder
Active Installations: unknown
CVSS Score: 9.3 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976
CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.
Product: WPTaskForce WPCargo Track & Trace
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004
NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
Sponsors
SANS
Webcast: SANS 2024 ICS/OT Survey: The State of ICS/OT Cybersecurity | Wednesday, October 9, 10:30 AM ET | SANS Certified Instructor, Jason Christopher, explores the growing trends in cyber threats, vulnerabilities, and risks across industrial environments, including actionable recommendations for how organizations can improve their security posture.
Sevco Security
How would you fix 80,000 vulnerabilities? With Sevco, an S&P 500 company realized only a small number of devices needed patches to resolve those vulns.
Fortinet, Inc.
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Thursday, October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!
SANS
Webcast: SANS 2024 ICS/OT Survey: The State of ICS/OT Cybersecurity | Wednesday, October 9, 10:30 AM ET | SANS Certified Instructor, Jason Christopher, explores the growing trends in cyber threats, vulnerabilities, and risks across industrial environments, including actionable recommendations for how organizations can improve their security posture.