SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 41
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Angular-base64-update Demo Script Exploited (CVE-2024-42640)
Published: 2024-10-15.
Last Updated: 2024-10-15 15:08:01 UTC
by Johannes Ullrich (Version: 1)
Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any "demo" or "example" folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project is leaving behind a demo folder with a script allowing arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial. An attacker may use the file upload script to upload a web shell, and in response, the attacker will obtain remote command execution with all the privileges granted to the web server.
Sadly, the project is also no longer maintained. But a patch is not needed. Removing the vulnerable script (and likely the entire demo folder) should be an appropriate response.
Shortly after the blog post's publication, we detected exploit attempts in our web honeypot logs. On October 14th, we saw about 3,000 scans for ...
[1] https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
Read the complete entry:
https://isc.sans.edu/diary/Angularbase64update+Demo+Script+Exploited+CVE202442640/31354/
Phishing Page Delivered Through a Blob URL
Published: 2024-10-14.
Last Updated: 2024-10-14 07:37:44 UTC
by Xavier Mertens (Version: 1)
I receive a lot of spam in my catch-all mailboxes. If most of them are not interesting, some still attract my attention. Especially the one that I'll describe in this diary. The scenario is classic, an important document is pending delivery but... the victim needs to authenticate to get the precious! As you can see in the screenshot below, the phishing kit supports well-known service providers ...
But check carefully the URL: It starts with "blob:"! Usually, BLOBs are used to represent "Binary Large OBjects". In the context of a browser, an object URL[1] is a pseudo protocol to allow blob and file objects to be used as URL sources for things like images, download links for binary data, and so forth. It's part of the URL specification for handling binary data that needs to be referenced or accessed as an actual file, even if it doesn't exist as a physical file on a server.
In the context of this phishing kit, the attacker generated the landing page in a blob to remain stealthy. Let's have a look at the code ...
[1] https://en.wikipedia.org/wiki/Blob_URI_scheme
Read the complete entry:
https://isc.sans.edu/diary/Phishing+Page+Delivered+Through+a+Blob+URL/31350/
Internet Storm Center Entries
Wireshark 4.4.1 Released (2024.10.13)
https://isc.sans.edu/diary/Wireshark+441+Released/31346/
Microsoft Patch Tuesday - October 2024 (2024.10.08)
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2024/31336/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-23113 - Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 are vulnerable to a use of externally-controlled format string, enabling an attacker to execute unauthorized code or commands via specially crafted packets.
Product: Fortinet FortiOS
CVSS Score: 0
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23113
ISC Podcast: https://isc.sans.edu/podcastdetail/9174
CVE-2024-9680 - Firefox is vulnerable to code execution in the content process through a use-after-free in Animation timelines, with reports of exploitation in the wild, affecting versions up to Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1.
Product: Mozilla Firefox
CVSS Score: 9.8
** KEV since 2024-10-15 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9680
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
CVE-2024-9164 - GitLab EE is vulnerable to issues that allow running pipelines on arbitrary branches in versions between 12.5 and 17.4.2.
Product: GitLab EE
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9164
ISC Podcast: https://isc.sans.edu/podcastdetail/9176
NVD References:
CVE-2024-42640 - Angular-base64-upload prior to v0.1.21 allows unauthenticated remote code execution via demo/server.php, enabling attackers to upload and execute arbitrary content on the server.
Product: Angular base64-upload
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42640
ISC Podcast: https://isc.sans.edu/podcastdetail/9182
NVD References:
- https://github.com/adonespitogo/angular-base64-upload
- https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
CVE-2024-9379 - Ivanti CSA before version 5.0.2 is vulnerable to SQL injection by remote authenticated attackers with admin privileges.
Product: Ivanti Endpoint Manager Cloud Services Appliance (CSA)
CVSS Score: 7.2
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9379
NVD References:
CVE-2024-9379 - CVE-2024-9380-
CVE-2024-9380 - Ivanti CSA before version 5.0.2 is vulnerable to OS command injection in the admin web console, enabling a remote authenticated attacker to execute remote code with admin privileges.
CVE-2024-9379 - CVE-2024-9380-
CVE-2024-9380 - Ivanti CSA before version 5.0.2 is vulnerable to OS command injection in the admin web console, enabling a remote authenticated attacker to execute remote code with admin privileges.
Product: Ivanti Endpoint Manager Cloud Services Appliance (CSA)
CVSS Score: 7.2
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9380
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability
Product: Microsoft Windows 10 1809
CVSS Score: 7.8
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43572
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572
CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability
Product: Microsoft Windows 10 22H2
CVSS Score: 8.1
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43573
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573
CVE-2024-41798 - SENTRON 7KM PAC3200 (All versions) devices are vulnerable to unauthorized administrative access through the Modbus TCP interface due to a weak 4-digit PIN protection.
Product: Siemens SENTRON 7KM PAC3200
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41798
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-850560.html
CVE-2024-47553 - Siemens SINEC Security Monitor (< V4.9.0) allows authenticated attackers to execute arbitrary code with root privileges through insufficient validation of user input in the ```ssmctl-client``` command.
Product: Siemens SINEC Security Monitor
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47553
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-430425.html
CVE-2024-8911 - The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11, allowing unauthenticated attackers to potentially take over administrator accounts.
Product: LatePoint plugin for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8911
NVD References:
CVE-2024-8943 - The LatePoint plugin for WordPress is vulnerable to authentication bypass up to version 5.0.12, allowing unauthenticated attackers to log in as any existing user on the site if they have access to the user id.
Product: LatePoint plugin for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8943
NVD References:
CVE-2024-9518 - The UserPlus plugin for WordPress allows unauthenticated attackers to escalate their privileges by manipulating user role parameters during registration.
Product: WP UserPlus plugin
Active Installations: This plugin has been closed as of October 8, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9518
NVD References:
CVE-2024-9796 - The WP-Advanced-Search WordPress plugin is vulnerable to SQL injection attacks due to lack of sanitization in the t parameter before using it in a SQL statement.
Product: Internet-Formation Wp-Advanced-Search
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9796
NVD References: https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/
CVE-2024-9822 - The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass up to version 2.0.5, allowing unauthenticated attackers to log in as the first user, often the administrator.
Product: Wordpress Pedalo Connector plugin
Active Installations: This plugin has been closed as of October 10, 2024 and is not available for download. This closure is permanent. Reason: Author Request.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9822
NVD References:
CVE-2024-9234 - The GutenKit plugin for WordPress allows unauthenticated attackers to upload arbitrary files through a missing capability check in the install-active-plugin REST API endpoint.
Product: The GutenKit Page Builder Blocks
Active Installations: 9,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9234
NVD References:
CVE-2024-9707 - The Hunk Companion plugin for WordPress allows unauthorized plugin installation/activation through a missing capability check, posing a risk of remote code execution.
Product: ThemeHunk Hunk Companion plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9707
NVD References:
CVE-2024-47331 - NinjaTeam Multi Step for Contact Form suffers from an SQL Injection vulnerability in versions up to 2.7.7.
Product: NinjaTeam Multi Step for Contact FormActive Installations: 10,000+CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47331NVD References: https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cveCVE-2024-48033 - Elie Burstein, Baptiste Gourdin Talkback is vulnerable to object injection due to deserialization of untrusted data from versions n/a through 1.0.Product: Elie Burstein, Baptiste Gourdin, TalkbackActive Installations: unknownCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48033NVD References: https://patchstack.com/database/vulnerability/talkback-secure-linkback-protocol/wordpress-talkback-plugin-1-0-php-object-injection-vulnerability?_s_id=cveCVE-2024-9047 - The WordPress File Upload plugin is vulnerable to Path Traversal, allowing unauthenticated attackers to read or delete files outside of the originally intended directory.Product: WordPress File Upload pluginActive Installations: 20,000+CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9047NVD References: - https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload- https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cveCVE-2024-9105 - The UltimateAI plugin for WordPress up to version 2.8.3 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.Product: WordPress UltimateAI pluginActive Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9105NVD References: - https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cveCVE-2024-9634 - The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable to PHP Object Injection and remote code execution through untrusted input in the give_company_name parameter.Product: GiveWP Donation Plugin for WordPressActive Installations: 100,000+CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9634NVD References: - https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829- https://plugins.trac.wordpress.org/changeset/3166836/give/tags/3.16.4/includes/process-donation.php- https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cveCVE-2024-47636 - Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.Product: Eyecix JobSearchActive Installations: unknownCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47636NVD References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cveCVE-2024-8884 - The vulnerability in Schneider Electric System Monitor application could lead to the exposure of credentials if an attacker gains access to the application over http.Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series productsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884NVD References: https://download.schneider-electric.com/doc/SEVD-2024-282-07/SEVD-2024-282-07.pdfCVE-2024-3057 - A flaw exists in Pure Storage FlashArray whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.Product: Pure Storage FlashArrayCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057NVD References: https://support.purestorage.com/category/m_pure_storage_product_securityCVE-2024-44349 - AnteeoWMS before v4.7.34 is vulnerable to a SQL injection attack in the login portal, allowing attackers to execute arbitrary SQL commands and access certain data in the database without authentication.Product: Anteeo AnteeoWMSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349NVD References: - https://blog.cybergon.com/posts/cve-2024-44349/- https://cybergon.com/- https://github.com/AndreaF17/PoC-CVE-2024-44349CVE-2024-38124 - Windows Netlogon Elevation of Privilege VulnerabilityProduct: Microsoft Windows NetlogonCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution VulnerabilityProduct: Microsoft Configuration ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468NVD References: https://msrc.microsof…
CVE-2024-9047 - The WordPress File Upload plugin is vulnerable to Path Traversal, allowing unauthenticated attackers to read or delete files outside of the originally intended directory.
Product: WordPress File Upload plugin
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9047
NVD References:
- https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload
CVE-2024-9105 - The UltimateAI plugin for WordPress up to version 2.8.3 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.
Product: WordPress UltimateAI pluginActive Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9105NVD References: - https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cveCVE-2024-9634 - The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable to PHP Object Injection and remote code execution through untrusted input in the give_company_name parameter.Product: GiveWP Donation Plugin for WordPressActive Installations: 100,000+CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9634NVD References: - https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829- https://plugins.trac.wordpress.org/changeset/3166836/give/tags/3.16.4/includes/process-donation.php- https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cveCVE-2024-47636 - Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.Product: Eyecix JobSearchActive Installations: unknownCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47636NVD References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cveCVE-2024-8884 - The vulnerability in Schneider Electric System Monitor application could lead to the exposure of credentials if an attacker gains access to the application over http.Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series productsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884NVD References: https://download.schneider-electric.com/doc/SEVD-2024-282-07/SEVD-2024-282-07.pdfCVE-2024-3057 - A flaw exists in Pure Storage FlashArray whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.Product: Pure Storage FlashArrayCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057NVD References: https://support.purestorage.com/category/m_pure_storage_product_securityCVE-2024-44349 - AnteeoWMS before v4.7.34 is vulnerable to a SQL injection attack in the login portal, allowing attackers to execute arbitrary SQL commands and access certain data in the database without authentication.Product: Anteeo AnteeoWMSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349NVD References: - https://blog.cybergon.com/posts/cve-2024-44349/- https://cybergon.com/- https://github.com/AndreaF17/PoC-CVE-2024-44349CVE-2024-38124 - Windows Netlogon Elevation of Privilege VulnerabilityProduct: Microsoft Windows NetlogonCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution VulnerabilityProduct: Microsoft Configuration ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468CVE-2024-45160 - LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication by using an empty client_secret parameter.Product: LemonLDAP::NGCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45160NVD References: - https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tagsCVE-2023-46586 - Weborf's cgi.c versions 0.17 through 0.20 do not properly terminate paths for CGI scripts, leading to potential security issues.Product: Weborf cgi.cCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46586NVD References: - https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d- https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991- https://github.com/ltworf/weborf/pull/88- https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4CVE-2024-25825 - FydeOS products were found to have a root password saved as a wildcard, enabling attackers to easily gain root access.Product: FydeOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25825NVD Re…
CVE-2024-47636 - Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.
Product: Eyecix JobSearch
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47636
NVD References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cve
CVE-2024-8884 - The vulnerability in Schneider Electric System Monitor application could lead to the exposure of credentials if an attacker gains access to the application over http.
Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884
NVD References: https://download.schneider-electric.com/doc/SEVD-2024-282-07/SEVD-2024-282-07.pdf
CVE-2024-3057 - A flaw exists in Pure Storage FlashArray whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
Product: Pure Storage FlashArray
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057
NVD References: https://support.purestorage.com/category/m_pure_storage_product_security
CVE-2024-44349 - AnteeoWMS before v4.7.34 is vulnerable to a SQL injection attack in the login portal, allowing attackers to execute arbitrary SQL commands and access certain data in the database without authentication.
Product: Anteeo AnteeoWMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349
NVD References:
CVE-2024-38124 - Windows Netlogon Elevation of Privilege Vulnerability
Product: Microsoft Windows Netlogon
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124
CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability
Product: Microsoft Configuration Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468
CVE-2024-45160 - LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication by using an empty client_secret parameter.
Product: LemonLDAP::NG
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45160
NVD References:
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223
CVE-2023-46586 - Weborf's cgi.c versions 0.17 through 0.20 do not properly terminate paths for CGI scripts, leading to potential security issues.
Product: Weborf cgi.c
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46586
NVD References:
- https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d
- https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991
- https://github.com/ltworf/weborf/pull/88
- https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4
CVE-2024-25825 - FydeOS products were found to have a root password saved as a wildcard, enabling attackers to easily gain root access.
Product: FydeOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25825
NVD References:
- https://gist.github.com/hchasens/d20dff418f6908dc96e65f4e43a058f1
CVE-2024-45746 - Trusted Firmware-M through 2.1.0 allows for remote code execution due to unchecked pointers in user-provided mailbox messages.
Product: Arm Trusted Firmware-M
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45746
NVD References:
CVE-2024-9465 - Palo Alto Networks Expedition is vulnerable to an SQL injection, enabling unauthenticated attackers to access sensitive database information and exploit system files.
Product: Palo Alto Networks Expedition
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9465
NVD References: https://security.paloaltonetworks.com/PAN-SA-2024-0010
CVE-2024-48949 - The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
Product: Indutny Elliptic
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48949
NVD References:
- https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281
- https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6
CVE-2024-9798 - The health endpoint in Spring Boot is public in the vulnerable product, exposing a list of all services and providing potentially valuable information for attackers.
Product: Spring Boot
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9798
NVD References: https://github.com/zowe/api-layer
CVE-2024-45115 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability allowing attackers to gain unauthorized access or elevated privileges without user interaction.
Product: Adobe Commerce
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45115
NVD References: https://helpx.adobe.com/security/products/magento/apsb24-73.html
CVE-2024-9201 - The SEUR plugin is vulnerable to time-based SQL injection through the 'id_order' parameter of the '/modules/seur/ajax/saveCodFee.php' endpoint in versions prior to 2.5.11.
Product: SEUR plugin
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9201
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-seur-plugin
CVE-2024-9794 - Codezips Online Shopping Portal 1.0 is vulnerable to a critical unrestricted upload issue in /update-image1.php, allowing for remote initiation of attacks.
Product: Codezips Online Shopping Portal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9794
NVD References:
- https://github.com/ppp-src/CVE/issues/7
- https://vuldb.com/?ctiid.279947
CVE-2024-9813 - Codezips Pharmacy Management System 1.0 is vulnerable to SQL injection through manipulation of the argument category in product/register.php, allowing remote attackers to exploit the system.
Product: Codezips Pharmacy Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9813NVD References: - https://github.com/ppp-src/CVE/issues/10- https://vuldb.com/?ctiid.279965- https://vuldb.com/?id.279965- https://vuldb.com/?submit.418904CVE-2024-9811 - Restaurant Reservation System 1.0 is vulnerable to remote SQL injection through the manipulation of the argument company in filter3.php, with the exploit publicly disclosed.Product: Code-Projects Restaurant Reservation SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9811NVD References: - https://code-projects.org/- https://github.com/ppp-src/a/issues/24- https://vuldb.com/?ctiid.279963- https://vuldb.com/?id.279963- https://vuldb.com/?submit.418728CVE-2024-9812 - Crud Operation System 1.0 is vulnerable to a critical SQL injection flaw in delete.php's sid argument, allowing for remote attacks.Product: Code-Projects Crud Operation SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9812NVD References: - https://code-projects.org/- https://github.com/ppp-src/a/issues/25- https://vuldb.com/?ctiid.279964- https://vuldb.com/?id.279964- https://vuldb.com/?submit.418729CVE-2024-21534 - jsonpath-plus versions before 10.0.0 are vulnerable to Remote Code Execution (RCE) through unsafe default usage of vm in Node, allowing attackers to execute arbitrary code on the system.Product: jsonpath-plusCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21534NVD References: - https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884CVE-2024-47830 - Plane is vulnerable to wildcard support exploitation, allowing attackers to manipulate server requests through image retrieval.Product: PlaneCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47830NVD References: - https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1- https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348CVE-2024-47875 - DOMpurify had a nesting-based mXSS vulnerability that was fixed in versions 2.5.0 and 3.1.3.Product: DOMpurifyCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47875NVD References: - https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098- https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f- https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a- https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jfCVE-2024-46088 - Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 is vulnerable to arbitrary file uploads, allowing attackers to execute arbitrary code.Product: Zhejiang University Entersoft Customer Resource Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46088NVD References: - http://zhejiang.com- https://periwinkle-brother-031.notion.site/Analysis-of-any-file-upload-vulnerability-of-Zhejiang-University-Entersoft-Customer-Resource-Managem-0f88a0e77d6f4f638bc3c4e508a1e0ed- https://www.entersoft.cn/CVE-2024-48769 - An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process.Product: BURG-WCHTER KG de.burgwachter.keyapp.appCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48769NVD References: - http://burg-wchter.com- http://deburgwachterkeyappapp.com- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/de.burgwachter.keyapp.app/de.burgwachter.keyapp.mdCVE-2024-48778 - GIANT MANUFACTURING CO., LTD RideLink 2.0.7 allows remote hackers to access sensitive information during firmware updates.Product: GIANT MANUFACTURING CO. LTD, RideLinkCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48778NVD References: - http://giant.com- http://ridelink.com- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/tw.giant.ridelink/tw.giant.ridelink.mdCVE-2024-48784 - SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to access sensitive information during firmware updates.Product: SAMPMAX homemaxCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48784NVD References: - http://comsampmaxhomemax.com- http://sampmax.com- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.sampmax.homemax/com.sampmax.homemax.mdCVE-2024-48786 - SwitchBot INC SwitchBot 5.0.4 allows a remote attacker to access sensitive information during firmware updates.Product: SwitchBotCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48786NVD References: - http://switchbot.com- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.theswitchbot.switchbot/com.theswitchbot.switchbot.mdCVE-2024-48787 - Revic Optics Revic Ops 1.12.5 allows a remote attacker to obtain sensitive information through the firmware update process.Product: …
CVE-2024-9812 - Crud Operation System 1.0 is vulnerable to a critical SQL injection flaw in delete.php's sid argument, allowing for remote attacks.
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9812
NVD References:
- https://github.com/ppp-src/a/issues/25
- https://vuldb.com/?ctiid.279964
CVE-2024-21534 - jsonpath-plus versions before 10.0.0 are vulnerable to Remote Code Execution (RCE) through unsafe default usage of vm in Node, allowing attackers to execute arbitrary code on the system.
Product: jsonpath-plus
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21534
NVD References:
- https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3
- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
CVE-2024-47830 - Plane is vulnerable to wildcard support exploitation, allowing attackers to manipulate server requests through image retrieval.
Product: Plane
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47830
NVD References:
- https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1
- https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348
CVE-2024-47875 - DOMpurify had a nesting-based mXSS vulnerability that was fixed in versions 2.5.0 and 3.1.3.
Product: DOMpurify
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47875
NVD References:
- https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
- https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
- https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
CVE-2024-46088 - Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 is vulnerable to arbitrary file uploads, allowing attackers to execute arbitrary code.
Product: Zhejiang University Entersoft Customer Resource Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46088
NVD References:
CVE-2024-48769 - An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process.
Product: BURG-WCHTER KG de.burgwachter.keyapp.app
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48769
NVD References:
CVE-2024-48778 - GIANT MANUFACTURING CO., LTD RideLink 2.0.7 allows remote hackers to access sensitive information during firmware updates.
Product: GIANT MANUFACTURING CO. LTD, RideLink
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48778
NVD References:
CVE-2024-48784 - SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to access sensitive information during firmware updates.
Product: SAMPMAX homemax
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48784
NVD References:
CVE-2024-48786 - SwitchBot INC SwitchBot 5.0.4 allows a remote attacker to access sensitive information during firmware updates.
Product: SwitchBot
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48786
NVD References:
CVE-2024-48787 - Revic Optics Revic Ops 1.12.5 allows a remote attacker to obtain sensitive information through the firmware update process.
Product: Revic Optics Revic Ops
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48787
NVD References:
CVE-2024-48772 - An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.
Product: C-CHIP cchipamaota
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48772
NVD References:
- http://comcchipcchipamaota.com
CVE-2024-9921 - TEAMPLUS TECHNOLOGY's The Team+ does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands.
Product: TEAMPLUS TECHNOLOGY The Team+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9921
NVD References:
CVE-2024-9924 - OAKlouds from Hgiga remains vulnerable to unauthenticated remote attackers downloading arbitrary system files despite the incomplete fix for
Product: Hgiga OAKlouds
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9924
NVD References:
CVE-2024-9137 - Moxa service in the affected product lacks an authentication check, allowing attackers to execute commands and compromise the system.
CVE-2024-48150 - D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.
Product: D-Link DIR-820L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48150
NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DIR-820L/D-Link%20DIR-820L%20Stack%20Overflow%20Vulnerability.md
CVE-2024-48168 - D-Link DCS-960L 1.09 is susceptible to a stack overflow vulnerability in its sub_402280 function of the HNAP service, enabling remote code execution.
Product: D-Link DCS-960L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48168
NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md
CVE-2024-46535 - Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.
Product: Jepaas v7.2.8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46535
NVD References: https://gitee.com/ketr/jepaas-release/issues/IAPJ8H?from=project-issue
CVE-2023-48082 - Nagios XI before 5.11.3 2024R1 is vulnerable to improperly generated API keys, potentially leading to authentication bypass for all users.
Product: Nagios XI
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48082
NVD References: https://www.nagios.com/change-log/
CVE-2024-48823 - Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.
Product: Automatic Systems Maintenance SlimLane
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48823
NVD References: https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/
CVE-2024-9972 - ChanGate's Property Management System is vulnerable to SQL Injection, enabling remote attackers to manipulate database contents without authentication.
Product: ChanGate Property Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9972
NVD References:
CVE-2024-9982 - AIM LINE Marketing Platform from Esi Technology is vulnerable to injection attacks, allowing unauthenticated remote attackers to manipulate database content when the LINE Campaign Module is enabled.
Product: Esi Technology AIM LINE Marketing Platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9982
NVD References:
CVE-2024-9925 - TAI Smart Factory's QPLANT SF version 1.0 is vulnerable to SQL injection, allowing remote attackers to retrieve database information via a specially crafted SQL query on the ‘email’ parameter.
Product: TAI Smart Factory QPLANT SF
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9925
NVD References: https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory
CVE-2024-9984 - Ragic Enterprise Cloud Database allows unauthenticated remote attackers to obtain user session cookies through unauthenticated access to specific functionality.
Product: Ragic Enterprise Cloud Database
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9984
NVD References:
CVE-2024-9985 - Enterprise Cloud Database from Ragic allows attackers to upload a webshell and execute arbitrary code due to lack of file type validation.
Product: Ragic Enterprise Cloud Database
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9985
NVD References:
CVE-2024-47945 - Rittal IoT Interface & CMC III Processing Unit devices are vulnerable to session hijacking due to predictable session IDs with insufficient entropy, allowing attackers to pre-generate valid IDs and gain unauthorized access to user sessions.
Product: Rittal IoT Interface & CMC III Processing Unit
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47945
NVD References:
CVE-2024-9973 & CVE-2024-9974 - SourceCodester Online Eyewear Shop 1.0 critical SQL injection vulnerabilities
Product: Oretnom23 Online_Eyewear_Shop 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9973
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9974
NVD References: https://gist.github.com/higordiego/b9699573de61b26f2290e69f38d23fd0
NVD References: https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48
NVD References: https://vuldb.com/?ctiid.280338
NVD References: https://vuldb.com/?id.280338
NVD References: https://vuldb.com/?submit.423167
NVD References: https://vuldb.com/?ctiid.280339
NVD References: https://vuldb.com/?id.280339
NVD References: https://vuldb.com/?submit.423231
NVD References: https://www.sourcecodester.com/
CVE-2024-45274 - An unauthenticated remote attacker can execute OS commands via UDP on Siemens SCALANCE X-200 devices due to missing authentication.
Product: Siemens SCALANCE X-200
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45274
NVD References:
- https://cert.vde.com/en/advisories/VDE-2024-056
- https://cert.vde.com/en/advisories/VDE-2024-066
CVE-2024-45275 - Axis Communications AXIS Camera Station devices have two hard coded user accounts with hardcoded passwords, allowing unauthenticated remote attackers full control.
Product: Axis Communications AXIS Camera Station
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45275
NVD References:
- https://cert.vde.com/en/advisories/VDE-2024-056
- https://cert.vde.com/en/advisories/VDE-2024-066
CVE-2024-48283 - Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection through the searchkey parameter in /admin//search-result.php.
Product: Phpgurukul User Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48283
CVE-2024-48914 - Vendure is vulnerable to a traversal attack in versions prior to 3.0.5 and 2.3.3, allowing an attacker to access sensitive server files and potentially crash the server.
Product: Vendure's asset server plugin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48914
NVD References:
- https://github.com/vendure-ecommerce/vendure/commit/e2ee0c43159b3d13b51b78654481094fdd4850c5
- https://github.com/vendure-ecommerce/vendure/commit/e4b58af6822d38a9c92a1d8573e19288b8edaa1c
- https://github.com/vendure-ecommerce/vendure/security/advisories/GHSA-r9mq-3c9r-fmjq
CVE-2024-21172 - Oracle Hospitality OPERA 5 product is vulnerable to a difficult to exploit unauthenticated network attack that can result in a takeover of the system.
Product: Oracle Hospitality OPERA 5
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21172
NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-21216 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take over.
Product: Oracle WebLogic Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21216
NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-9486 - Kubernetes Image Builder allows default credentials to enable root access on nodes using Proxmox provider virtual machine images.
Product: Kubernetes Image Builder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9486
NVD References:
- https://github.com/kubernetes-sigs/image-builder/pull/1595
- https://github.com/kubernetes/kubernetes/issues/128006
- https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ
CVE-2024-48283 - Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection through the searchkey parameter in /admin//search-result.php.
Product: Phpgurukul User Management System
CVSS Score: 9.8
CVE-2024-48914 - Vendure is vulnerable to a traversal attack in versions prior to 3.0.5 and 2.3.3, allowing an attacker to access sensitive server files and potentially crash the server.
Product: Vendure's asset server plugin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48914
NVD References:
- https://github.com/vendure-ecommerce/vendure/commit/e2ee0c43159b3d13b51b78654481094fdd4850c5
- https://github.com/vendure-ecommerce/vendure/commit/e4b58af6822d38a9c92a1d8573e19288b8edaa1c
- https://github.com/vendure-ecommerce/vendure/security/advisories/GHSA-r9mq-3c9r-fmjq
CVE-2024-21172 - Oracle Hospitality OPERA 5 product is vulnerable to a difficult to exploit unauthenticated network attack that can result in a takeover of the system.
Product: Oracle Hospitality OPERA 5
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21172
NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-21216 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take over.
Product: Oracle WebLogic Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21216
NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-9486 - Kubernetes Image Builder allows default credentials to enable root access on nodes using Proxmox provider virtual machine images.
Product: Kubernetes Image Builder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9486
NVD References:
- https://github.com/kubernetes-sigs/image-builder/pull/1595
- https://github.com/kubernetes/kubernetes/issues/128006
- https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ
Sponsors
Fortinet, Inc.
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Today! October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!
SANS
2025 SANS Detection Engineering Survey |This survey aims to understand the current landscape of Detection Engineering, capturing the experiences, challenges, and aspirations of professionals in the field. Our goal is to provide insights that will benefit the entire cybersecurity community while highlighting the evolving nature of detection strategies in modern environments. Complete the survey for a chance to win a $250 Amazon gift card!
SANS
2025 SANS Detection Engineering Survey |This survey aims to understand the current landscape of Detection Engineering, capturing the experiences, challenges, and aspirations of professionals in the field. Our goal is to provide insights that will benefit the entire cybersecurity community while highlighting the evolving nature of detection strategies in modern environments. Complete the survey for a chance to win a $250 Amazon gift card!
SANS
2025 SANS Detection Engineering Survey |This survey aims to understand the current landscape of Detection Engineering, capturing the experiences, challenges, and aspirations of professionals in the field. Our goal is to provide insights that will benefit the entire cybersecurity community while highlighting the evolving nature of detection strategies in modern environments. Complete the survey for a chance to win a $250 Amazon gift card!