SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
From Perfctl to InfoStealer
Published: 2024-10-09.
Last Updated: 2024-10-09 07:18:37 UTC
by Xavier Mertens (Version: 1)
A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl. The malware has been pretty well analyzed and I won’t repeat what has been already disclosed. I found a copy of the "httpd" binary (SHA256:22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13). I dropped the malware in my lab to see how it detonated. I infected the lab without root privileges and detected the same behavior except files were not written to some locations due to a lack of access (not root). When executing without root privileges, the rootkit feature is unavailable and the malware runs "disclosed" ...
Read the full entry:
https://isc.sans.edu/diary/From+Perfctl+to+InfoStealer/31334/
Microsoft Patch Tuesday - October 2024
Published: 2024-10-08.
Last Updated: 2024-10-08 19:18:33 UTC
by Johannes Ullrich (Version: 1)
Microsoft today released patches for 117 vulnerabilities. Three additional vulnerabilities apply to Chromium/Edge. Another three vulnerabilities are rated critical.
Five of the vulnerabilities were disclosed before today. Two vulnerabilities were not only disclosed but also exploited, according to Microsoft.
Notable Vulnerabilities:
Microsoft Management Console Remote Code Execution Vulnerability (CVE-2024-43572)
To exploit this vulnerability, the attacker must convince the victim to open a malicious file.
Open Source Curl Remote Code Execution Vulnerability (CVE-2024-6197)
This vulnerability was disclosed and patched in libcurl back in July. According to curl.se, the most likely outcome is a crash, but code execution cannot be ruled out.
Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2024-20659)
The vulnerability allows an attacker to bypass the UEFI on the host machine and compromise the hypervisor and the secure kernel. Exploitation requires a reboot at the right time.
Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43573)
Yet another Windows MSHTML Platform Spoofing vulnerability. Fourth 0-day just this year in this component. APT actors usually use these issues to make downloading and executing malware more likely.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2024/31336/
macOS Sequoia: System/Network Admins, Hold On!
Published: 2024-10-07.
Last Updated: 2024-10-07 15:58:48 UTC
by Xavier Mertens (Version: 1)
It's always tempting to install the latest releases of your preferred software and operating systems. After all, that's the message we pass to our beloved users: "Patch, patch, and patch again!". Last week, I was teaching for SANS and decided to not upgrade my MacBook to macOS 15.0 (Sequoia). Today, I had nothing critical scheduled and made the big jump. Upgrading the operating system is always stressful but everything ran smoothly. So far so good...
Later, I started to do my regular geek tasks and connected to several SSH hosts. After a random amount of time, I noticed the following error for many connections:
ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted
This happened multiple times. I started to google for some users' feedback and experiences. It seems to be a problem faced by many people. What I've read:
- It happens randomly
- It affects IPv4 / IPv6
- Not related to an SSH client (term, iTerm2, same)
- People who upgraded to 15.0.1 have less frequent disconnections but the problem is not solved yet
Some recommendations (worked for some users):
- Disable the macOS firewall
- Turn off "Limit IP address tracking"
- Disable private rotating MAC
- Disable tools like LittleSnitch
There is no "magic recipe" to fix the issue. On my Mac, disabling the address tracking did the job. I've now an SSH session open for 2h+.
Many forums are covering this topic. The most complete one I found is on the Apple support forum[1]. In conclusion, if SSH is a critical protocol for you, maybe hold on before upgrading your macOS.
Tip: If you need to SSH to a host, be sure to start your shell in a "screen" (or Byobu, ... ) session[2] to not lose your work.
[1] https://discussions.apple.com/thread/255761702?sortBy=rank&page=1
[2] https://ss64.com/bash/screen.html
https://isc.sans.edu/diary/macOS+Sequoia+SystemNetwork+Admins+Hold+On/31330/
Survey of CUPS exploit attempts (2024.10.04)
https://isc.sans.edu/diary/Survey+of+CUPS+exploit+attempts/31326/
Kickstart Your DShield Honeypot [Guest Diary] (2024.10.03)
https://isc.sans.edu/diary/Kickstart+Your+DShield+Honeypot+Guest+Diary/31320/
Security related Docker containers (2024.10.02)
https://isc.sans.edu/diary/Security+related+Docker+containers/31318/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Zimbra Collaboration
CVSS Score: 9.8
** KEV since 2024-10-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45519
ISC Podcast: https://isc.sans.edu/podcastdetail/9162
NVD References:
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
Product: Microsoft Management Console
CVSS Score: 7.8
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43572
ISC Diary: https://isc.sans.edu/diary/31336
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572
Product: Microsoft Windows MSHTML Platform
CVSS Score: 6.5
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43573
ISC Diary: https://isc.sans.edu/diary/31336
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573
Product: ONS-S8 Spectra Aggregation Switch
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41925
ISC Podcast: https://isc.sans.edu/podcastdetail/9166
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01
Product: ONS-S8 Spectra Aggregation Switch
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45367
ISC Podcast: https://isc.sans.edu/podcastdetail/9166
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01
Product: Multiple Qualcomm Chipsets
CVSS Score: 7.8
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43047
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
Product: Microsoft Windows Netlogon
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124
ISC Diary: https://isc.sans.edu/diary/31336
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124
Product: Microsoft Configuration Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
ISC Diary: https://isc.sans.edu/diary/31336
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468
Product: Supermicro BMC firmware
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36435
ISC Podcast: https://isc.sans.edu/podcastdetail/9162
Product: Code-Projects Restaurant Reservation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9359
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9360
NVD References:
Product: Wechat Social login plugin for WordPress
Active Installations: This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9106
NVD References:
Product: Wechat WordPress Social login plugin
Active Installations: This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9108
NVD References:
Product: Coderevolution Echo RSS Feed Post Generator
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9265
NVD References:
- https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974
Product: Redefiningtheweb Affiliate Pro
Active Installations: 5,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9289
NVD References:
- https://codecanyon.net/item/wordpress-woocommerce-affiliate-program/23580333
Product: Vmaxstudio Vmax Project Manager
Active Installations: unknown
CVSS Score: 9.6
Product: YITH YITH WooCommerce Ajax Search
Active Installations: 40,000+
CVSS Score: 9.3
Product: LatePoint WordPress Plugin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8911
NVD References:
Product: LatePoint LatePoint plugin for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8943
NVD References:
Product: Kaiten
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41276
NVD References:
- https://github.com/artemy-ccrsky/CVE-2024-41276
- https://kaiten.ru/
CVE-2024-25660 - Infinera TNMS 19.10.3 WebDAV service allows low-privileged remote attackers to conduct unauthorized file operations due to unnecessary privilege execution.
Product: Infinera TNMS (Transcend Network Management System)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25660
NVD References: https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25660
CVE-2024-9392 - Firefox and Thunderbird versions prior to 131, 128.3, and 115.16 could allow for arbitrary loading of cross-origin pages due to a compromised content process.
Product: Mozilla Firefox and Thunderbird
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9392
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1899154
- https://bugzilla.mozilla.org/show_bug.cgi?id=1905843
- https://www.mozilla.org/security/advisories/mfsa2024-46/
- https://www.mozilla.org/security/advisories/mfsa2024-47/
- https://www.mozilla.org/security/advisories/mfsa2024-48/
- https://www.mozilla.org/security/advisories/mfsa2024-49/
- https://www.mozilla.org/security/advisories/mfsa2024-50/
CVE-2024-9401 & CVE-2024-9402 - Firefox, Firefox ESR, and Thunderbird versions prior to 131 are susceptible to memory safety bugs that could potentially lead to arbitrary code execution.
Product: Mozilla Firefox, Firefox ESR, and Thunderbird
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9401
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9402
NVD References:
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476
- https://www.mozilla.org/security/advisories/mfsa2024-46/
- https://www.mozilla.org/security/advisories/mfsa2024-47/
- https://www.mozilla.org/security/advisories/mfsa2024-48/
- https://www.mozilla.org/security/advisories/mfsa2024-49/
- https://www.mozilla.org/security/advisories/mfsa2024-50/
CVE-2024-47608 - Logicytics is susceptible to shell injections on compromised devices, but the vulnerability has been patched in version 2.3.2.
Product: Definetlynotai Logicytics
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47608
NVD References: https://github.com/DefinetlyNotAI/Logicytics/security/advisories/GHSA-5wvr-vvqf-668m
NVD References: https://www.codefactor.io/repository/github/definetlynotai/logicytics/issues/main
CVE-2024-45999 - Cloudlog 2.6.15 is vulnerable to SQL Injection via the get_station_info() function in Oqrs_model.php.
Product: Magicbug Cloudlog
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45999
NVD References: https://chiggerlor.substack.com/p/cve-2024-45999
CVE-2024-45186 - FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Product: FileSender
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45186
NVD References: https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
CVE-2024-35293 - SCHNEIDER Elektronik's 700 series are susceptible to remote attackers exploiting missing authentication to reboot or erase devices, leading to potential data loss and denial of service.
Product: SCHNEIDER Elektronik's 700 series
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35293
NVD References: https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf
CVE-2024-9429 - Code-projects Restaurant Reservation System 1.0 is vulnerable to a critical SQL injection flaw in the /filter2.php file, allowing for remote attacks.
Product: Code-Projects Restaurant Reservation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9429
NVD References:
- https://code-projects.org/
- https://github.com/ppp-src/a/issues/23
CVE-2024-44193 - iTunes 12.13.3 for Windows allows local attackers to elevate their privileges due to a logic issue that has been fixed with improved restrictions.
Product: iTunes 12.13.3 for Windows
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44193
ISC Podcast: https://isc.sans.edu/podcastdetail/9170
NVD References: https://support.apple.com/en-us/121328
CVE-2024-20518 through CVE-2024-20521 - Cisco Small Business RV042, RV042G, RV320, and RV325 Routers are vulnerable to arbitrary code execution by an authenticated, remote attacker with Administrator-level credentials.
Product: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20518
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20519
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20520
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20521
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV
CVE-2024-9441 - The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS com…
Product: Linear eMerge e3-Series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9441
NVD References:
- https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/
- https://vulncheck.com/advisories/linear-emerge-forgot-password
Product: Codezips Online Shopping Portal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9460
NVD References: https://github.com/ppp-src/CVE/issues/8
Product: Draytek Vigor3912
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41593
NVD References:
- https://www.forescout.com/resources/draybreak-draytek-research/
- https://www.forescout.com/resources/draytek14-vulnerabilities
Product: Delta Electronics DIAEnergie
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43699
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03
Product: TaskCafe 0.3.2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26770
NVD References:
- https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory
Product: Cavok before versions 4.7.2, 4.6.11
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45249
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories
Product: Elsight Halo version 11.7.1.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45251
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45252
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories
Product: Nest cameras and doorbells firmware
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44097
NVD References: https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA
Product: Multiple chipsets
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33066
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
Product: Multiple Mediatek chipsets
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20100
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20101
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20103
NVD References: https://corp.mediatek.com/product-security-bulletin/October-2024
Product: Mecha CMS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46446
NVD References:
- https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability
Product: RuoYi v4.7.9
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46076
NVD References:
- https://gist.github.com/kkll5875/f237f200bae6db6b47eea3236d82ad0d
Product: VegaBird Yaazhini
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45873
NVD References:
Product: VegaBird Vooki
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45874
NVD References:
Product: Siemens SENTRON 7KM PAC3200
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41798
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-850560.html
Product: Siemens SINEC Security Monitor
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47553
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-430425.html
Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884
NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-07&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-07.pdf
Product: Pure Storage FlashArray
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057
NVD References: https://support.purestorage.com/category/m_pure_storage_product_security
Product: Anteeo AnteeoWMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349
NVD References:
Product: Microsoft Windows Hyper-V
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20659
ISC Diary: https://isc.sans.edu/diary/31336
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659
Product: Microsoft Windows Routing and Remote Access Service (RRAS)
CVSS Scores: 7.8 - 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38212
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38261
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38265
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43453
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43564
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43589
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43592
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43593
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43607
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43608
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43611
ISC Diary: https://isc.sans.edu/diary/31336
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38212
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38265
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43453
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43564
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43589
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43592
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43593
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43607
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43608
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611
The following vulnerabilities need a manual review:
CVE-2024-7025
CVE-2024-9369
CVE-2024-9370
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Thursday, October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!
Virtual Event: AI Summit Solutions Track on October 29th | Join us for our upcoming free virtual event to learn how industry leading technologies and techniques can enhance your ability to examine and analyze incidents like never before using AI. Save your seat today!