Hurricane Helene Aftermath - Cyber Security Awareness Month
Published: 2024-10-01.
Last Updated: 2024-10-01 13:35:16 UTC
by Johannes Ullrich (Version: 1)
For a few years now, October has been "National Cyber Security Awareness Month". This year, it is a good opportunity for a refresher on some scams that tend to happen around disasters like Hurricane Helene. The bigger the disaster, the more attractive it is to scammers.
Fake Donation Sites
Hurricane Katrina was the first event that triggered many fake donation websites. Since then, the number of fake donation websites has decreased somewhat, partly due to law enforcement attention and hopefully due to people becoming more aware of these scams. These scams either pretend to be a new charity/group attempting to help or impersonate an existing reputable charity. People in affected areas need help. Please only donate to groups you are familiar with and who were active before the event.
AI Social Media Posts
I believe these posts are mostly created to gain social media followers, maybe with the intent to later reel them into some scam. They often post dramatic images created with AI tools or copied from legitimate accounts. Some may just be interested in some of the monetization schemes social media and video sites participate in. Do not amplify these accounts. Strictly speaking, they are not "fake news," but legitimate news sources who go out to take pictures and gather information need exposure more than these fake accounts. Often, the fake accounts will contribute to at least exaggeration of the impact of the event and reduce, in some cases, the credibility of legitimate recovery efforts.
Malware
Attackers may use the event as a pretense to trick victims into opening attachments. In the past, we have seen e-mails and websites that spread malware claiming to include videos or images of the event. These attachments turn out to be executables installing malware.
Fake Assistance Scams
In the aftermath of a disaster, organizations often provide financial aid through loans. Scammers will apply for these loans using stolen identities traded online. It may take several months for the victim to become aware of this; by then, they often face a request to repay the loan. Sadly, there is not much, if anything, you can do to protect yourself from these scams. The intent of the assistance is to be quick and unbureaucratic and to "sort things out later". You may have to prove that someone else used your information to apply for the loan.
"Grandparent Scam"
In this scam, a caller will pretend to be a relative or close friend, asking for money. These scams have improved because they can often identify individuals in the disaster area and use them as a pretense to extort money. The caller may claim to be the individual (often they use SMS or other text messaging services), or they may claim to represent a police department or a hospital. Do not respond to any demands for money. Notify your local police department. If you are concerned, try to reach out to the agency calling you using a published number (note that Google listings can be fake). Due to the conditions in affected areas, the local authorities may be unable to respond. Your local law enforcement agency may be able to assist. They often have a published "non-emergency" number you can use instead of 911. Individuals in the affected area may not be reachable due to spotty power and cell service availability.
Final Word
Please let us know if we missed anything. A final word on some disaster preparedness items with an "IT flavor":
1. Have a plan to get out, and if you can get out: get out. You should not stay in the affected area unless you are part of the recovery effort.
2. Cellular networks fail. Cellular networks tend to work pretty well during smaller disasters, but they need power, towers, and other infrastructure, which will fail in large-scale disasters. Satellite connectivity quickly becomes your only viable option (if you have power). If you have a phone with satellite emergency calling (for example, a recent iPhone), they offer a "demo mode" to familiarize you with the feature.
3. If you are lucky to already have a Starlink setup, bring the antenna inside before the storm and disconnect the equipment from power to avoid spikes destroying it.
4. Disconnect as many electric devices from outlets as possible during a power outage (or before power outages are expected). Power outages often come with power spikes and other irregular power events that can destroy sensitive electronics. Do not plug them back in until power is restored and stable.
5. Even a downed phone or cable TV line can be energized. You may not see the high voltage line that is also down and touches the cable TV line. I took the picture on the right this weekend in my neighborhood of a high-voltage line touching the cable TV and phone line.
https://isc.sans.edu/diary/Hurricane+Helene+Aftermath+Cyber+Security+Awareness+Month/31314/
Patch for Critical CUPS vulnerability: Don't Panic
Published: 2024-09-26.
Last Updated: 2024-09-26 20:49:25 UTC
by Johannes Ullrich (Version: 1)
These last two days, a lot has been talked about a "Doomsday 9.9 RCE bug" in Linux [1]. We now have some additional details from Simone Margaritelli, who discovered and reported the vulnerabilities.
BLUF:
CUPS may use "filters", executables that can be used to convert documents. The part responsible ("cups-filters") accepts unverified data that may then be executed as part of a filter operation. An attacker can use this vulnerability to inject a malicious "printer". The malicious code is triggered once a user uses this printer to print a document. This has little or no impact if CUPS is not listening on port 631, and the system is not used to print documents (like most servers). An attacker may, however, be able to trigger the print operation remotely. On the local network, this is exploitable via DNS service discovery. A proof of concept exploit has been made available.
There is no patch right now. Disable and remove cups-browsed (you probably do not need it anyway). Update CUPS as updates become available. Block UDP traffic on port 631.
For a lot more details, see: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
The Vulnerabilities
CVE-2024-47176
This is a vulnerability in cups-browsed (up to version 2.0.1). This daemon listens for UDP packets on port 631. cups-browsed uses DNS service discovery to automatically discover printers and make them available to the user. As part of the exchange with printers, it will receive various URLs that it may use to retrieve additional information. These URLs are not properly validated, allowing attackers to trick cups-browsed into requesting arbitrary URLs.
CVE-2024-47076
libcupsfilters (up to version 2.1b1) replaces an older filter-architecture. It could be used to modify ("filter") files to adjust formats to make them printable on a specific printer. Like the prior issue, it is subject to the attacker providing malicious data that will be passed to other CUPS components.
CVE-2024-47115
libppd (up to version 2.1b1) also does not validate IPP attributes and adds them to the PPD file that is then passed to drivers and other components.
CVE-2024-47177
cups-filters (2.0.1) is the part that will allow the arbitrary command execution triggered by invalid PPD parameters. cups-filters executes external code ("filters") to convert files. Because it accepts data from unverified external sources, arbitrary code may be executed. In particular, the "foomatic-rip" filter allows the attacker to provide an arbitrary command line.
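To turn the BLUF and the chain described above into something a defender can run on a Linux print host, here is an added triage script; it is mine, not code from the diary, from CUPS or from the evilsocket writeup. It assumes the `ss -ulnp` output format, the `/etc/cups/ppd` directory and the `*FoomaticRIPCommandLine` PPD keyword as I know them; the sample socket listing and PPD bodies are constructed, and the shell-metacharacter heuristic is my own.

```python
"""Host triage for the CUPS/cups-browsed issues above (added example).

Check 1: is anything bound to UDP port 631, the port cups-browsed listens on
         for printer announcements?  Parsed from `ss -ulnp` output.
Check 2: do installed PPD files carry a *FoomaticRIPCommandLine value with shell
         constructs a normal gs/pdftops print pipeline does not need?  This is a
         hunting heuristic for PPDs that were added by something other than an admin.
"""
import re
import subprocess
from pathlib import Path

PPD_DIR = Path("/etc/cups/ppd")  # where CUPS keeps the PPD of each installed printer

# Constructed sample of `ss -ulnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
UNCONN 0      0      0.0.0.0:631         0.0.0.0:*         users:(("cups-browsed",pid=812,fd=7))
UNCONN 0      0      127.0.0.1:323       0.0.0.0:*         users:(("chronyd",pid=600,fd=5))
UNCONN 0      0      [::]:631            [::]:*            users:(("cups-browsed",pid=812,fd=8))
"""

_SS_PROC = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def udp631_listeners(ss_output: str) -> list[tuple[str, str, int]]:
    """Return (local_address, process_name, pid) for each UDP socket bound to port 631.

    The header line never ends its fourth column with ':631', so it is skipped naturally.
    """
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or not cols[3].endswith(":631"):
            continue
        m = _SS_PROC.search(line)
        name, pid = (m.group("name"), int(m.group("pid"))) if m else ("?", 0)
        found.append((cols[3], name, pid))
    return found


# Shell constructs that legitimate foomatic command lines (gs/pdftops pipelines with
# %-placeholders) do not need.  Heuristic only: review any hit by hand.
SUSPICIOUS = re.compile(r'(;|&&|\|\||`|\$\(|>\s*/|\bcurl\b|\bwget\b|\bbash\b|\bsh\s+-c\b)')

# A PPD value is a double-quoted string that may span several lines.
_FOOMATIC_CMD = re.compile(r'^\*FoomaticRIPCommandLine:\s*"(.*?)"', re.M | re.S)


def audit_ppd(text: str) -> list[str]:
    """Return every FoomaticRIPCommandLine value in one PPD body that trips SUSPICIOUS."""
    return [m.group(1).strip() for m in _FOOMATIC_CMD.finditer(text)
            if SUSPICIOUS.search(m.group(1))]


def audit_ppd_dir(ppd_dir: Path = PPD_DIR) -> dict[str, list[str]]:
    """Audit every *.ppd in ppd_dir; returns {filename: findings} for files with findings."""
    if not ppd_dir.is_dir():
        return {}
    report = {}
    for ppd in sorted(ppd_dir.glob("*.ppd")):
        hits = audit_ppd(ppd.read_text(errors="replace"))
        if hits:
            report[ppd.name] = hits
    return report


# Constructed PPD bodies: a benign foomatic-rip printer and one carrying an extra command.
SAMPLE_PPD_OK = """\
*PPD-Adobe: "4.3"
*ModelName: "Generic PostScript Printer"
*cupsFilter: "application/vnd.cups-postscript 0 foomatic-rip"
*FoomaticRIPCommandLine: "gs -q -dBATCH -dNOPAUSE -sDEVICE=ps2write -sOutputFile=- -"
"""
SAMPLE_PPD_BAD = """\
*PPD-Adobe: "4.3"
*ModelName: "Constructed sample, not a real printer"
*cupsFilter: "application/vnd.cups-postscript 0 foomatic-rip"
*FoomaticRIPCommandLine: "touch /tmp/CONSTRUCTED_MARKER; gs -q -sDEVICE=ps2write -sOutputFile=- -"
"""


def live_ss_output() -> str:
    """`ss -ulnp` from this host (Linux, iproute2); empty string if ss is not installed."""
    try:
        return subprocess.run(["ss", "-ulnp"], capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    for addr, proc, pid in udp631_listeners(live_ss_output()):
        print(f"UDP 631 is bound by {proc} (pid {pid}) on {addr}: review cups-browsed")
    for name, hits in audit_ppd_dir().items():
        print(f"{name}: suspicious FoomaticRIPCommandLine -> {hits}")
```

Run it as root so every PPD under /etc/cups/ppd is readable; a UDP 631 listener named cups-browsed is exactly the exposure the BLUF tells you to remove.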
[1] https://www.theregister.com/2024/09/26/unauthenticated_rce_bug_linux/
[2] https://openprinting.github.io/cups/
https://isc.sans.edu/diary/Patch+for+Critical+CUPS+vulnerability+Dont+Panic/31302/
Tool update: mac-robber.py and le-hex-to-ip.py (2024.09.30)
https://isc.sans.edu/diary/Tool+update+macrobberpy+and+lehextoippy/31310/
OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] (2024.09.25)
https://isc.sans.edu/diary/OSINT+Image+Analysis+or+More+Where+When+and+Metadata+Guest+Diary/31298/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: SolarWinds Web Help Desk
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28987
ISC Podcast: https://isc.sans.edu/podcastdetail/9154
Product: CUPS cups-filters
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47177
ISC Diary: https://isc.sans.edu/diary/31302
NVD References:
- https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
- https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
- https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
- https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
Product: Supermicro BMC firmware
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36435
ISC Podcast: https://isc.sans.edu/podcastdetail/9162
Product: Raisecom Msg1200_Firmware 3.90
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7120
ISC Podcast: https://isc.sans.edu/podcastdetail/9152
Product: Wordpress Meta Data And Taxonomies Filter
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8624
NVD References:
Product: Exthemes WooEvents
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8671
NVD References:
- https://codecanyon.net/item/wooevents-calendar-and-event-booking/15598178
Product: WPCharitable
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8791
NVD References:
Product: WP Easy Gallery WordPress Gallery Plugin
Active Installations: This plugin has been closed as of September 19, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8436
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-easy-gallery/trunk/wp-easy-gallery.php#L730
Product: WordPress REST API TO MiniProgram plugin
Active Installations: This plugin has been closed as of September 23, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8485
NVD References:
Product: WordPress Daily Prayer Time plugin
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8621
NVD References:
Product: WordPress Simple HTML Sitemap Plugin
Active Installations: 2,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7385
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-simple-html-sitemap/tags/3.1/inc/wshs_saved.php#L47
- https://plugins.trac.wordpress.org/changeset/3155037/wp-simple-html-sitemap/trunk/inc/wshs_saved.php
Product: Prisna GWT – Google Website Translator
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8514
NVD References:
Product: Automattic The Events Calendar plugin
Active Installations: 700,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8275
NVD References:
- https://docs.theeventscalendar.com/reference/functions/tribe_has_next_event/
- https://theeventscalendar.com/knowledgebase/customizing-template-files-2-legacy/
Product: Wechat Social login plugin for WordPress
Active Installations: This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9106
NVD References:
Product: Wechat WordPress Social login plugin
Active Installations: This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9108
NVD References:
Product: WordPress Echo RSS Feed Post Generator
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9265
NVD References:
- https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974
Product: WordPress WooCommerce Affiliate Program Plugin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9289
NVD References:
- https://codecanyon.net/item/wordpress-woocommerce-affiliate-program/23580333
Product: WordPress Jupiter X Core plugin
Active Installations: 90,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7772
NVD References:
Product: GiveWP
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8353
NVD References:
- https://plugins.trac.wordpress.org/browser/give/tags/3.16.0/includes/process-donation.php#L154
- https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/includes/process-donation.php
- https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/src/Helpers/Utils.php
- https://plugins.trac.wordpress.org/changeset/3157829/give/tags/3.16.2/includes/process-donation.php
Product: CS-Cart MultiVendor
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26686
NVD References:
Product: Aruba PAPI (Aruba's Access Point management protocol)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42505
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42506
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42507
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
Product: Kashipara Music Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42797
NVD References: https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Playlist.pdf
CVE-2024-43423 - The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
Product: Doverfuelingsolutions ProGauge MAGLINK LX4 Console
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43423
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04
CVE-2024-43692 - ProGauge MAGLINK LX CONSOLE allows attackers to request the resource sub page with full privileges via the URL.
Product: Doverfuelingsolutions ProGauge MAGLINK LX4 Console
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43692
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04
CVE-2024-43693 & CVE-2024-45066 - ProGauge MAGLINK LX CONSOLE UTILITY sub-menu and IP sub-menu are vulnerable to remote command injection via specially crafted POST requests.
Product: Doverfuelingsolutions ProGauge MAGLINK LX4 Console
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43693
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45066
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04
CVE-2024-46612 - IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
Product: IceCMS v3.4.7
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46612
NVD References:
- https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46612.md
- https://github.com/Thecosy/iceCMS?tab=readme-ov-file
CVE-2024-46957 - Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing because the stanza type is not checked. This is fixed in 0.22.0.
Product: Mellium mellium.im/xmpp
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46957
NVD References:
- https://codeberg.org/mellium/xmpp/releases
- https://mellium.im/cve/cve-2024-46957/
CVE-2024-8067 - Helix Core is vulnerable to a Windows ANSI API Unicode "best fit" argument injection before version 2024.1 Patch 2 (2024.1/2655224).
Product: Helix Core
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8067
NVD References: https://portal.perforce.com/s/detail/a91PA000001SXEzYAO
CVE-2024-8877 - Riello Netman 204 through 4.05 is vulnerable to SQL injection in its SQLite database of measurement data.
Product: Riello-Ups Netman 204
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8877
NVD References: https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
CVE-2024-8878 - Netman 204 through 4.05 allows an attacker to reset the admin password and take over control of the device via its forgotten password recovery mechanism vulnerability.
Product: Riello-Ups Netman 204
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8878
NVD References: https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
CVE-2024-8940 - Scriptcase application version 9.4.019 is vulnerable to an arbitrary upload file exploit via a POST request, allowing attackers to upload malicious files to the server.
Product: Scriptcase
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8940
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-scriptcase
CVE-2024-9142 - e-Belediye: before 2.0.642 allows external manipulation of file paths, leading to incorrect permission assignment for critical resources in Olgu Computer Systems.
Product: Olgu Computer Systems e-Belediye
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9142
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1527
CVE-2024-6592 - WatchGuard Authentication Gateway, Windows Single Sign-On Client, and MacOS Single Sign-On Client versions through 12.10.2, 12.7, and 12.5.4 respectively suffer from an Incorrect Authorization vulnerability allowing Authentication Bypass.
Product: WatchGuard Authentication Gateway
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6592
NVD References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
CVE-2024-6593 - WatchGuard Authentication Gateway on Windows allows an attacker to execute restricted commands due to an Incorrect Authorization vulnerability.
Product: WatchGuard Authentication Gateway
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6593
NVD References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00015
CVE-2024-47078 - Meshtastic prior to version 2.5.1 is vulnerable to authentication and authorization bypasses in its MQTT implementation, allowing for unauthorized control of nodes.
Product: Meshtastic
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47078
NVD References: https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252
CVE-2024-46488 - Sqlite-vec v0.1.1 is vulnerable to a heap buffer overflow in the npy_token_next function, allowing attackers to trigger a Denial of Service (DoS) with a malicious file.
Product: sqlite-vec npy_token_next
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46488
NVD References: https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md
CVE-2024-0132 - NVIDIA Container Toolkit 1.16.1 or earlier is vulnerable to TOCTOU attack allowing a specially crafted container image to access the host file system and potentially lead to various security threats.
Product: NVIDIA Container Toolkit
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0132
NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5582
CVE-2024-46627 - Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
Product: BECN DATAGERRY
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46627
NVD References:
- https://github.com/DATAGerry/
- https://github.com/d4lyw/CVE-2024-46627
CVE-2024-47070 - Authentik is an open-source identity provider that allows bypassing password login with an unparsable IP address in versions prior to 2024.8.3 and 2024.6.5, leading to a security risk of logging into any account with a known login or email address.
Product: Authentik
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47070
NVD References:
- https://github.com/goauthentik/authentik/commit/78f7b04d5a62b2a9d4316282a713c2c7857dbe29
- https://github.com/goauthentik/authentik/commit/dd8f809161e738b25765797eb2a5c77a7d3fc2cf
- https://github.com/goauthentik/authentik/security/advisories/GHSA-7jxf-mmg9-9hg7
CVE-2024-46367 - Webkul Krayin CRM 1.3.0 is vulnerable to stored XSS, enabling remote attackers to inject malicious JavaScript code through the username field, potentially leading to privilege escalation within the CRM system.
Product: Webkul Krayin CRM
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46367
NVD References: https://gist.github.com/Tommywarren/4ac0c8f6e5d8584accd31b8277e55749
CVE-2024-6981 - OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication.
Product: OMNTEC Proteus Tank Monitoring OEL8000III Series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6981
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-06
CVE-2024-8310 - OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
Product: OPW Fuel Management Systems SiteSentinel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8310
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01
CVE-2024-8630 - Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
Product: Alisonic Sibylla
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8630
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-02
CVE-2024-9295, CVE-2024-9296, CVE-2024-9318, & CVE-2024-9328 - SourceCodester Advocate Office Management System 1.0 is vulnerable to multiple critical SQL injection issues.
Product: Mayurik Advocate Office Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9295
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9296
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9318
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9328
NVD References:
- https://www.sourcecodester.com/
CVE-2024-8456 - Certain switch models from PLANET Technology are vulnerable to unauthenticated remote attackers gaining full control of the devices through improper access control in firmware upload and download functionality.
Product: PLANET Technology certain switch models
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8456
NVD References:
- https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html
- https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html
CVE-2024-46293 - Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control due to a lack of authorization checks for admin operations, allowing attackers to perform admin-level actions without a valid session token.
Product: Sourcecodester Online Medicine Ordering System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46293
NVD References: https://github.com/bunyamindemir/vulnerability-disclosures/blob/main/omos-authorization-bypass.md
CVE-2024-42017 - Atos Eviden iCare versions 2.7.1 through 2.7.11 expose a web interface locally, potentially allowing remote attackers to execute arbitrary commands with system privilege on the hosting endpoint.
Product: Atos Eviden iCare
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42017
NVD References:
CVE-2024-41276 - Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism through a request limiting flaw, enabling unauthorized access through a brute force attack.
Product: Kaiten
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41276
NVD References:
- https://github.com/artemy-ccrsky/CVE-2024-41276
CVE-2024-25660 - Infinera TNMS 19.10.3 WebDAV service allows low-privileged remote attackers to conduct unauthorized file operations due to unnecessary privilege execution.
Product: Infinera TNMS (Transcend Network Management System)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25660
NVD References: https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25660
CVE-2024-9392 - Firefox and Thunderbird versions prior to 131, 128.3, and 115.16 could allow for arbitrary loading of cross-origin pages due to a compromised content process.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9392
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1899154
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476
- https://www.mozilla.org/security/advisories/mfsa2024-46/
- https://www.mozilla.org/security/advisories/mfsa2024-47/
- https://www.mozilla.org/security/advisories/mfsa2024-48/
- https://www.mozilla.org/security/advisories/mfsa2024-49/
- https://www.mozilla.org/security/advisories/mfsa2024-50/
CVE-2024-9401 & CVE-2024-9402 - Firefox, Firefox ESR, and Thunderbird versions prior to 131, 128.3, and 115.16, respectively, have memory safety bugs.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9401
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9402
NVD References:
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476
- https://www.mozilla.org/security/advisories/mfsa2024-46/
- https://www.mozilla.org/security/advisories/mfsa2024-47/
- https://www.mozilla.org/security/advisories/mfsa2024-48/
- https://www.mozilla.org/security/advisories/mfsa2024-49/
- https://www.mozilla.org/security/advisories/mfsa2024-50/
CVE-2024-42514 - Mitel MiContact Center Business through 10.1.0.4 is vulnerable to unauthorized access attacks, allowing attackers to view sensitive information and send unauthorized messages.
Product: Mitel MiContact Center Business
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42514
NVD References:
- https://www.mitel.com/support/security-advisories
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024
CVE-2024-45519 - The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Product: Zimbra Collaboration (ZCS)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45519
ISC Podcast: https://isc.sans.edu/podcastdetail/9162
NVD References:
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://blog.projectdiscovery.io/zimbra-remote-code-execution/
The following vulnerability needs a manual review:
CVE-2024-47115
Product: Olgu Computer Systems e-Belediye
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9142
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1527
Product: WatchGuard Authentication Gateway
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6592
NVD References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Product: WatchGuard Authentication Gateway
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6593
NVD References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00015
Product: Meshtastic
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47078
NVD References: https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252
Product: sqlite-vec npy_token_next
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46488
NVD References: https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md
Product: NVIDIA Container Toolkit
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0132
NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5582
Product: BECN DATAGERRY
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46627
NVD References:
- https://github.com/DATAGerry/
- https://github.com/d4lyw/CVE-2024-46627
CVE-2024-47070 - Authentik, an open-source identity provider, allows password login to be bypassed by supplying an unparsable IP address in versions prior to 2024.8.3 and 2024.6.5, making it possible to log into any account whose login name or email address is known.
Product: Authentik
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47070
NVD References:
- https://github.com/goauthentik/authentik/commit/78f7b04d5a62b2a9d4316282a713c2c7857dbe29
- https://github.com/goauthentik/authentik/commit/dd8f809161e738b25765797eb2a5c77a7d3fc2cf
- https://github.com/goauthentik/authentik/security/advisories/GHSA-7jxf-mmg9-9hg7
CVE-2024-46367 - Webkul Krayin CRM 1.3.0 is vulnerable to stored XSS, enabling remote attackers to inject malicious JavaScript code through the username field, potentially leading to privilege escalation within the CRM system.
Product: Webkul Krayin CRM
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46367
NVD References: https://gist.github.com/Tommywarren/4ac0c8f6e5d8584accd31b8277e55749
CVE-2024-6981 - OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication.
Product: OMNTEC Proteus Tank Monitoring OEL8000III Series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6981
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-06
CVE-2024-8310 - OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
Product: OPW Fuel Management Systems SiteSentinel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8310
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01
CVE-2024-8630 - Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
Product: Alisonic Sibylla
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8630
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-02
CVE-2024-9295, CVE-2024-9296, CVE-2024-9318, & CVE-2024-9328 - SourceCodester Advocate Office Management System 1.0 is vulnerable to multiple critical SQL injection issues.
Product: Mayurik Advocate Office Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9295
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9296
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9318
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9328
NVD References:
- https://www.sourcecodester.com/
CVE-2024-8456 - Certain switch models from PLANET Technology are vulnerable to unauthenticated remote attackers gaining full control of the devices through improper access control in firmware upload and download functionality.
Product: PLANET Technology certain switch models
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8456
NVD References:
- https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html
- https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html
CVE-2024-46293 - Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control due to a lack of authorization checks for admin operations, allowing attackers to perform admin-level actions without a valid session token.
Product: Sourcecodester Online Medicine Ordering System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46293
NVD References: https://github.com/bunyamindemir/vulnerability-disclosures/blob/main/omos-authorization-bypass.md
CVE-2024-42017 - Atos Eviden iCare versions 2.7.1 through 2.7.11 expose a web interface locally, potentially allowing remote attackers to execute arbitrary commands with system privilege on the hosting endpoint.
Product: Atos Eviden iCare
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42017
NVD References:
CVE-2024-41276 - Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism through a request limiting flaw, enabling unauthorized access through a brute force attack.
Product: Kaiten
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41276
NVD References:
- https://github.com/artemy-ccrsky/CVE-2024-41276
CVE-2024-25660 - Infinera TNMS 19.10.3 WebDAV service allows low-privileged remote attackers to conduct unauthorized file operations due to unnecessary privilege execution.
Product: Infinera TNMS (Transcend Network Management System)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25660
NVD References: https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25660
CVE-2024-9392 - Firefox and Thunderbird versions prior to 131, 128.3, and 115.16 could allow for arbitrary loading of cross-origin pages due to a compromised content process.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9392
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1899154
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476
- https://www.mozilla.org/security/advisories/mfsa2024-46/
- https://www.mozilla.org/security/advisories/mfsa2024-47/
- https://www.mozilla.org/security/advisories/mfsa2024-48/
- https://www.mozilla.org/security/advisories/mfsa2024-49/
- https://www.mozilla.org/security/advisories/mfsa2024-50/
CVE-2024-9401 & CVE-2024-9402 - Firefox, Firefox ESR, and Thunderbird versions prior to 131, 128.3, and 115.16, respectively, have memory safety bugs.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9401
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9402
NVD References:
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476
- https://www.mozilla.org/security/advisories/mfsa2024-46/
- https://www.mozilla.org/security/advisories/mfsa2024-47/
- https://www.mozilla.org/security/advisories/mfsa2024-48/
- https://www.mozilla.org/security/advisories/mfsa2024-49/
- https://www.mozilla.org/security/advisories/mfsa2024-50/
CVE-2024-42514 - Mitel MiContact Center Business through 10.1.0.4 is vulnerable to unauthorized access attacks, allowing attackers to view sensitive information and send unauthorized messages.
Product: Mitel MiContact Center Business
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42514
NVD References:
- https://www.mitel.com/support/security-advisories
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024
CVE-2024-45519 - The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Product: Zimbra Collaboration (ZCS)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45519
ISC Podcast: https://isc.sans.edu/podcastdetail/9162
NVD References:
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://blog.projectdiscovery.io/zimbra-remote-code-execution/
The following vulnerability needs a manual review:
CVE-2024-47115
Webcast: SANS 2024 ICS/OT Survey: The State of ICS/OT Cybersecurity | Wednesday, October 9, 10:30 AM ET | SANS Certified Instructor, Jason Christopher, explores the growing trends in cyber threats, vulnerabilities, and risks across industrial environments, including actionable recommendations for how organizations can improve their security posture.
How would you fix 80,000 vulnerabilities? With Sevco, an S&P 500 company realized only a small number of devices needed patches to resolve those vulns.
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Thursday, October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!