@RISK

The Consensus Security Vulnerability Alert

September 19, 2024  |  Vol. 24, Num. 37

Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Python Infostealer Patching Windows Exodus App

Published: 2024-09-18.

Last Updated: 2024-09-18 07:43:00 UTC

by Xavier Mertens (Version: 1)

A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may handle sensitive information. Cryptocurrency wallets are another category of applications that are juicy for attackers. I again spotted an interesting piece of malware that mimics an Exodus wallet by displaying a small GUI ...

https://isc.sans.edu/diary/Python+Infostealer+Patching+Windows+Exodus+App/31276/

Finding Honeypot Data Clusters Using DBSCAN: Part 2

Published: 2024-09-13.

Last Updated: 2024-09-13 14:45:14 UTC

by Jesse La Grew (Version: 1)

In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot. DBSCAN was very helpful to group similar commands, but it was also very useful when trying to determine whether commands from one honeypot were seen in another. How much overlap in attack data is there between honeypots? Is there any targeting based on the hosting location of the honeypot?

Once the data is separated into clusters and the appropriate EPS and Minsample values are selected, comparing the data in a table can help highlight differences ...

https://isc.sans.edu/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+2/31194/

Hygiene, Hygiene, Hygiene! [Guest Diary]

Published: 2024-09-11.

Last Updated: 2024-09-12 22:38:15 UTC

by Guy Bruneau (Version: 1)

[This is a Guest Diary by Paul Olson, an ISC intern as part of the SANS.edu BACS program]

Introduction

Starting my internship with SANS Internet Storm Center was daunting from the aspect of being unsure of what to expect. Over the years I’ve completed several SANS courses and have become comfortable with that experience; there is a flow to the courses and the SANS instructors exceed my expectations. In this respect, the ISC Internship is a completely different animal; it presents a more hands-on learning opportunity, requires more self-reliance, and provides a greater element of unpredictability than I have found in SANS course labs. With more of the Internship work behind me than in front of me I can say that I have gotten more out of this internship than I have from other similar experiences.

Some of my concerns were about the ‘unknown unknowns’. Setting up the DShield honeypot [3] was a straightforward exercise; my biggest worry was meeting the objectives of the Internship. Over the years that I have had broadband Internet I have periodically reviewed the logs generated by my home firewall. The firewall logs didn’t provide a wealth of information (event time, source and destination IP, protocol and ports involved, etc.). My concern became “How am I going to produce seven attack observation reports out of this? Who is going to bother with this device connected in a basement to a broadband network in North Dakota, US?”.

As it turns out that wasn’t going to be an issue. This newly-minted honeypot was remotely interacted with over 1,600 times from 169 distinct IP addresses on the first day; the device currently averages 17,000 probes daily. Reviewing the honeypot logs, one of the first lessons I learned from the Internship is that there are vast differences between a single-dimension firewall log and the level of detail in the data the honeypot captures when it is probed.

https://isc.sans.edu/diary/Hygiene+Hygiene+Hygiene+Guest+Diary/31260/

Internet Storm Center Entries


23:59, Time to Exfiltrate! (2024.09.17)

https://isc.sans.edu/diary/2359+Time+to+Exfiltrate/31272/

Managing PE Files With Overlays (2024.09.16)

https://isc.sans.edu/diary/Managing+PE+Files+With+Overlays/31268/

YARA-X's Dump Command (2024.09.15)

https://isc.sans.edu/diary/YARAXs+Dump+Command/31264/

YARA 4.5.2 Release (2024.09.14)

https://isc.sans.edu/diary/YARA+452+Release/31258/

Python Libraries Used for Malicious Purposes (2024.09.11)

https://isc.sans.edu/diary/Python+Libraries+Used+for+Malicious+Purposes/31248/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-43461 - Windows MSHTML Platform Spoofing Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

** KEV since 2024-09-16 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43461

ISC Podcast: https://isc.sans.edu/podcastdetail/9140

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461

CVE-2024-43491 - Servicing Stack in Windows 10 version 1507 has a vulnerability that could allow attackers to exploit previously mitigated vulnerabilities on systems with specific security updates installed.

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

** KEV since 2024-09-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43491

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491

CVE-2024-8190 - Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before are vulnerable to an OS command injection that allows a remote authenticated attacker to achieve remote code execution with admin level privileges.

Product: Ivanti Cloud Services Appliance

CVSS Score: 7.2

** KEV since 2024-09-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8190

ISC Podcast: https://isc.sans.edu/podcastdetail/9138

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190

CVE-2024-29847 - Ivanti EPM before 2022 SU6, or the 2024 September update, is vulnerable to remote unauthenticated code execution through deserialization of untrusted data in the agent portal.

Product: Ivanti Endpoint Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29847

ISC Podcast: https://isc.sans.edu/podcastdetail/9138

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

CVE-2024-8191 - Ivanti EPM before 2022 SU6 or 2024 September update is vulnerable to SQL injection, enabling remote unauthenticated attackers to achieve remote code execution.

Product: Ivanti Endpoint Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8191

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2024-09-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38014

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014

CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability

Product: Microsoft Office

CVSS Score: 7.3

** KEV since 2024-09-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38226

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 5.4

** KEV since 2024-09-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38217

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217

CVE-2024-6342 - Zyxel NAS326 and NAS542 firmware versions through V5.21(AAZF.18)C0 and V5.21(ABAG.15)C0, respectively, are vulnerable to command injection via crafted HTTP POST requests.

Product: Zyxel NAS326

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6342

NVD References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-nas-products-09-10-2024

CVE-2024-6596 - An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context.

Product: Microsoft Windows

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6596

NVD References: https://cert.vde.com/en/advisories/VDE-2024-041

CVE-2024-39581 - Dell PowerScale InsightIQ, versions 5.0 through 5.1, has a vulnerability where external parties can access files or directories, allowing for unauthorized reading, modification, and deletion of files by remote attackers.

Product: Dell InsightIQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39581

NVD References: https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

CVE-2024-39583 - Dell PowerScale InsightIQ versions 5.0 through 5.1 are vulnerable to a Use of a Broken or Risky Cryptographic Algorithm flaw, allowing unauthenticated attackers with remote access to potentially elevate privileges.

Product: Dell InsightIQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39583

NVD References: https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

CVE-2024-33698 - SIMATIC Information Server 2022, SIMATIC Information Server 2024, SIMATIC PCS neo, SINEC NMS, and TIA Portal versions 16, 17, 18, and 19 are susceptible to a heap-based buffer overflow vulnerability in the integrated UMC component, enabling a remote attacker to execute arbitrary code.

Product: Siemens Totally Integrated Automation Portal (TIA Portal)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33698

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-039007.html

CVE-2024-35783 - SIMATIC BATCH V9.1, SIMATIC Information Server 2020, SIMATIC Information Server 2022, SIMATIC PCS 7 V9.1, SIMATIC Process Historian 2020, SIMATIC Process Historian 2022, SIMATIC WinCC Runtime Professional V18, SIMATIC WinCC Runtime Professional V19, SIMATIC WinCC V7.4, SIMATIC WinCC V7.5, and SIMATIC WinCC V8.0 are vulnerable to an elevation of privilege attack allowing an authenticated attacker to execute arbitrary OS commands with administrative privileges.

Product: Siemens SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18)

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35783

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-629254.html

CVE-2024-45032 - Industrial Edge Management Pro and Industrial Edge Management Virtual versions prior to V1.9.5 and V2.3.1-1, respectively, are vulnerable to impersonation attacks due to improper validation of device tokens by affected components.

Product: Siemens Industrial Edge Management

CVSS Score: 10.0

AtRiskScore: 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45032

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-359713.html

CVE-2024-40754 - Heap-based Buffer Overflow vulnerability in the Samsung Open Source Escargot JavaScript engine allows buffer overflows. This issue affects Escargot 4.0.0.

Product: Samsung Escargot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40754

NVD References: https://github.com/Samsung/escargot/pull/1369

CVE-2023-37226 - Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.

Product: Loftware Spectrum

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37226

NVD References:

- https://code-white.com

- https://code-white.com/public-vulnerability-list/

- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm

CVE-2023-37227 - Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.

Product: Loftware Spectrum

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37227

NVD References:

- https://code-white.com

- https://code-white.com/public-vulnerability-list/

- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF13.htm

CVE-2023-37231 - Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.

Product: Loftware Spectrum

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37231

NVD References:

- https://code-white.com

- https://code-white.com/public-vulnerability-list/

- https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm

CVE-2024-44677 - Eladmin v2.7 and before is vulnerable to SSRF, enabling attackers to execute arbitrary code through DatabaseController.java.

Product: Aladdin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44677

NVD References:

- https://github.com/elunez/eladmin

- https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md

CVE-2024-45593 - Nix package manager version 2.24 prior to 2.24.6 allows malicious users to write to arbitrary file system locations with root permissions.

Product: Nix

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45593

NVD References:

- https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59

- https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493

CVE-2024-38194 - An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.

Product: Microsoft Azure Web Apps

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38194

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38194

CVE-2024-38216 & CVE-2024-38220 - Azure Stack Hub Elevation of Privilege Vulnerabilities

Product: Microsoft Azure Stack Hub

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38216

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38220

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38216

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220

CVE-2024-38225 - Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Product: Microsoft Dynamics 365 Business Central

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38225

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225

CVE-2024-38240 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38240

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38240

CVE-2024-43455 - Windows Remote Desktop Licensing Service Spoofing Vulnerability

Product: Microsoft Windows Server 2008

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43455

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43455

CVE-2024-44893 - An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attackers to escalate privileges via a crafted GET request.

Product: JimuSoftware JimuReport

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44893

NVD References: https://github.com/jeecgboot/JimuReport/issues/2904

CVE-2024-45409 - Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 allows an unauthenticated attacker to forge a SAML Response and log in as an arbitrary user.

Product: Ruby-SAML

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45409

NVD References:

- https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae

- https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7

- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2

- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq

CVE-2024-43040 - Renwoxing Enterprise Intelligent Management System before v3.0 is vulnerable to SQL injection via the parid parameter at /fx/baseinfo/SearchInfo.

Product: Renwoxing Enterprise Intelligent Management System

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43040

NVD References: https://gist.github.com/X1lyS/75a8ea48c4997b683e8b41c94e79e5f9

CVE-2024-8503 - VICIdial is vulnerable to time-based SQL injection, allowing attackers to access plaintext credentials stored in the database.

Product: VICIdial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8503

NVD References:

- https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt

- https://www.vicidial.org/vicidial.php

CVE-2019-25212 - The video carousel slider plugin for WordPress is vulnerable to SQL Injection in versions up to 1.0.6, allowing authenticated attackers to extract sensitive data.

Product: WordPress video carousel slider with lightbox plugin

Active Installations: 1,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25212

NVD References:

- https://plugins.trac.wordpress.org/changeset?old_path=/wp-responsive-video-gallery-with-lightbox/tags/1.0.6&new_path=/wp-responsive-video-gallery-with-lightbox/tags/1.0.7&sfp_email=&sfph_mail=#file41

- https://wordpress.org/plugins/wp-responsive-video-gallery-with-lightbox

- https://www.wordfence.com/threat-intel/vulnerabilities/id/85e70be3-3ed7-4ce1-a20c-046fb7c4ec31?source=cve

CVE-2024-8277 - The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as an administrator or any user with a valid user transient.

Product: WooCommerce Photo Reviews Premium (plugin)

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8277

NVD References:

- https://codecanyon.net/item/woocommerce-photo-reviews/21245349

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve

CVE-2024-27114 - SO Planning online planning tool before version 1.52.02 is vulnerable to unauthenticated Remote Code Execution (RCE), allowing attackers to upload and execute PHP files if the public view setting is enabled; version 1.52.02 was released to fix the issue.

Product: SO Planning online planning tool

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27114

NVD References: https://csirt.divd.nl/CVE-2024-27114

CVE-2024-44466 - COMFAST CF-XR11 V2.7.2 is vulnerable to command injection via POST requests to /usr/bin/webmgnt.

Product: Comfast CF-XR11

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44466

NVD References: https://github.com/CurryRaid/iot_vul/tree/main/comfast

CVE-2024-44541 - evilnapsis Inventio Lite versions v4 and before are vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin".

Product: evilnapsis Inventio Lite

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44541

NVD References:

- https://github.com/evilnapsis/inventio-lite

- https://github.com/pointedsec/CVE-2024-44541/

CVE-2024-28990 - SolarWinds Access Rights Manager (ARM) contains a hard-coded credential authentication bypass vulnerability that allows unauthorized access to the RabbitMQ management console.

Product: Solarwinds Access Rights Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28990

NVD References:

- https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm

- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990

CVE-2024-40457 - No-IP Dynamic Update Client (DUC) v3.x is vulnerable to cleartext credential exposure through command line arguments or in configuration files.

Product: No-IP Dynamic Update Client (DUC)

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40457

NVD References:

- https://www.noip.com/support/knowledgebase/install-linux-3-x-dynamic-update-client-duc

- https://www.noip.com/support/knowledgebase/running-linux-duc-v3-0-startup-2

CVE-2024-45824 - Allows for unauthenticated remote code execution in affected products when combined with other vulnerabilities.

Product: Nozomi Networks SCADAguardian

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45824

NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html

CVE-2024-2743 - GitLab-EE versions 13.3 to 17.3.2 allow unauthorized attackers to modify on-demand DAST scans and leak variables.

Product: GitLab-EE

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2743

NVD References:

- https://gitlab.com/gitlab-org/gitlab/-/issues/451014

- https://hackerone.com/reports/2411756

CVE-2024-6678 - GitLab CE/EE allows an attacker to trigger a pipeline as an arbitrary user in versions 8.14 to 17.3.2.

Product: GitLab CE/EE

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6678

NVD References:

- https://gitlab.com/gitlab-org/gitlab/-/issues/471923

- https://hackerone.com/reports/2595495

CVE-2024-8695 & CVE-2024-8696 - Docker Desktop is vulnerable to remote code execution.

Product: Docker Desktop

CVSS Score: 9.8

AtRiskScore: 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8695

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8696

NVD References: https://docs.docker.com/desktop/release-notes/#4342

CVE-2024-34334 - ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.

Product: ORDAT FOSS-Online

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34334

NVD References:

- http://foss-online.com

- http://ordat.com

- https://mind-bytes.de/sql-injection-in-foss-online-cve-2024-34334/

CVE-2024-41874 - ColdFusion versions 2023.9, 2021.15 and earlier have a Deserialization of Untrusted Data vulnerability that allows arbitrary code execution without user interaction.

Product: Adobe ColdFusion 2021

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41874

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html

CVE-2024-44430 - Best Free Law Office Management Software-v1.0 is vulnerable to SQL Injection, allowing attackers to execute arbitrary code and access sensitive information through a crafted payload.

Product: Best Free Law Office Management Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44430

NVD References:

- https://blog.csdn.net/samwbs/article/details/140954482

- https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md

CVE-2024-8039 - An improper permission configuration and domain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.

Product: AFMobi Boomplayer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8039

NVD References:

- https://security.tecno.com/SRC/blogdetail/307?lang=en_US

- https://security.tecno.com/SRC/securityUpdates?type=SA

CVE-2024-8669 - The Backuply plugin for WordPress is vulnerable to SQL Injection, allowing authenticated attackers with administrator-level access to extract sensitive information from the database.

Product: The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress

Active Installations: 200,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8669

NVD References:

- https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1477

- https://plugins.trac.wordpress.org/changeset/3151205/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/6a061553-c988-4a31-a0a2-7a2608faa33f?source=cve

CVE-2024-8762 - Code-projects Crud Operation System 1.0 is vulnerable to a critical SQL injection attack through the argument sid in /updatedata.php, allowing for remote exploitation.

Product: Code-Projects Crud Operation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8762

NVD References: https://github.com/Kangsiyuan/1/issues/1

CVE-2024-8868 - Code-projects Crud Operation System 1.0 is vulnerable to a critical SQL injection issue in the file savedata.php through the argument sname.

Product: Code-Projects Crud Operation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8868

NVD References: https://github.com/ppp-src/a/issues/7

CVE-2024-46918 - MISP allows org admins to view sensitive login fields of other org admins in the same org before version 2.4.198.

Product: MISP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46918

NVD References:

- https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa

- https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198

CVE-2024-46942 - OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1 allows a controller with a follower role to configure flow entries in a clustering deployment.

Product: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL)

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46942

NVD References:

- https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html

- https://doi.org/10.48550/arXiv.2408.16940

- https://lf-opendaylight.atlassian.net/browse/MDSAL-869

CVE-2024-46943 - OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3 allows a rogue controller to impersonate an offline peer by joining a cluster without possessing complete configuration information.

Product: OpenDaylight Authentication, Authorization and Accounting (AAA)

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46943

NVD References:

- https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html

- https://doi.org/10.48550/arXiv.2408.16940

- https://lf-opendaylight.atlassian.net/browse/AAA-285

CVE-2024-45694 & CVE-2024-45695 - Certain models of D-Link wireless routers are susceptible to Stack-based Buffer Overflow vulnerabilities, enabling unauthenticated remote attackers to execute arbitrary code on the device.

Product: D-Link DIR-X5460 and D-Link DIR-X4860

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45694

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45695

NVD References:

- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html

- https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html

- https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html

- https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html

CVE-2024-45697 - D-Link wireless routers have a hidden telnet service vulnerability that allows unauthorized remote attackers to execute OS commands using hard-coded credentials.

Product: D-Link wireless routers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45697

NVD References:

- https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html

- https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html

CVE-2024-22399 - Apache Seata is vulnerable to deserialization of untrusted data when authentication is disabled on the Seata-Server and the Seata client SDK dependencies are not used, allowing for the construction of malicious requests using bytecode based on the Seata private protocol.

Product: Apache Seata

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22399

NVD References: https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4

CVE-2024-46451 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

Product: TOTOLINK T8

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46451

NVD References: https://github.com/offshore0315/loT-vulnerable/blob/main/TOTOLINK/AC1200%20T8/setWiFiAclRules.md

CVE-2024-46419 - TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

Product: TOTOLINK T8

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46419

NVD References: https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md

CVE-2024-46937 - MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to access user tokens without authentication by brute-forcing the serial parameter.

Product: MFASOFT Secure Authentication Server (SAS)

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46937

NVD References:

- https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server

- https://mfasoft.ru

CVE-2024-45496 - OpenShift is vulnerable to arbitrary command execution due to misuse of elevated privileges in the build process, allowing an attacker to escalate permissions on the worker node.

Product: Red Hat OpenShift

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45496

NVD References:

- https://access.redhat.com/security/cve/CVE-2024-45496

- https://bugzilla.redhat.com/show_bug.cgi?id=2308661

CVE-2024-7387 - Openshift/builder is vulnerable to command injection via path traversal allowing an attacker to execute arbitrary commands on the OpenShift node.

Product: Red Hat Openshift/builder

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7387

NVD References:

- https://access.redhat.com/security/cve/CVE-2024-7387

- https://bugzilla.redhat.com/show_bug.cgi?id=2302259

CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.

Product: VMware vCenter Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

CVE-2024-45798 - Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) vulnerabilities affecting the `tests_results.yml` workflow and environment variable injection.

Product: Arduino arduino-esp32

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45798

NVD References:

- https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection

- https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml

- https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8

- https://securitylab.github.com/research/github-actions-preventing-pwn-requests

- https://securitylab.github.com/research/github-actions-untrusted-input

CVE-2024-8956 - The PTZOptics PT30X-SDI/NDI-xx camera before firmware 6.3.40 is vulnerable to an insufficient authentication issue, allowing a remote attacker to leak sensitive data and manipulate configuration settings without proper authentication.

Product: PTZOptics PT30X-SDI/NDI-xx

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8956

NVD References:

- https://ptzoptics.com/firmware-changelog/

- https://vulncheck.com/advisories/ptzoptics-insufficient-auth

CVE-2024-43976 & CVE-2024-43978 - Super Store Finder is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 6.9.7.

Product: highwarden Super Store Finder

Active Installations: unknown

CVSS Score: 9.3

AtRiskScore: 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43976

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43978

NVD References:

- https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-7-sql-injection-vulnerability?_s_id=cve

- https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-8-sql-injection-vulnerability?_s_id=cve

CVE-2024-44004 - WPTaskForce WPCargo Track & Trace allows SQL Injection through improper neutralization of special elements in SQL commands.

Product: WPTaskForce WPCargo Track & Trace

Active Installations: 10,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44004

NVD References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve