In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between February 26-27, 2024.
During this period, The National Vulnerability Database published 111, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 6
High: 21
Medium: 18
Low: 7
Severity Not Assigned: 59
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0435
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads.
Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS.
Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance.
References: https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834
https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-0436
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.
The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
References: https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0
https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268
CWE-ID: CWE-764
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-0439
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
References: https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688
https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-0440
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
References: https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-0455
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL
```
http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
```
which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it.
The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.
References: https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55
https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-0798
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A user with a `default` role given to them by the admin can sent `DELETE` HTTP requests to `remove-folder` and `remove-document` to delete folders and source files from the instance even when their role should explicitly not allow this action on the system.
References: https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733
https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c
CWE-ID: CWE-272
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-1622
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
References: https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt
CWE-ID: CWE-253
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-1710
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
References: https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-1735
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
References: https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-1876
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input '+or+1%3d1%23 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254724.
References: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Project%20SQL%20Injection%20Update.md
https://vuldb.com/?ctiid.254724
https://vuldb.com/?id.254724
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-1889
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device.
References: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-21802
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1914
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-21825
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-21836
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1915
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-22201
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
References: https://github.com/jetty/jetty.project/issues/11256
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-23496
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1913
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-23605
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1916
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-23835
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser.
References: https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd
https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f
https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc
https://redmine.openinfosecfoundation.org/issues/6411
CWE-ID: CWE-400 CWE-770
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-23836
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.
References: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7
https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747
https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7
https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc
https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97
https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8
https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786
https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5
https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01
https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af
https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
https://redmine.openinfosecfoundation.org/issues/6531
https://redmine.openinfosecfoundation.org/issues/6532
https://redmine.openinfosecfoundation.org/issues/6540
https://redmine.openinfosecfoundation.org/issues/6658
https://redmine.openinfosecfoundation.org/issues/6659
https://redmine.openinfosecfoundation.org/issues/6660
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-23837
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
References: https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://redmine.openinfosecfoundation.org/issues/6444
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-23839
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
References: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f
https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
https://redmine.openinfosecfoundation.org/issues/6657
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-24714
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4.
References: https://patchstack.com/database/vulnerability/icons-font-loader/wordpress-icons-font-loader-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-25909
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
References: https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-25913
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.
References: https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-25925
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.
References: https://patchstack.com/database/vulnerability/phppoet-checkout-fields/wordpress-woocommerce-easy-checkout-field-editor-fees-discounts-plugin-3-5-12-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-27454
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
References: https://github.com/ijl/orjson/blob/master/CHANGELOG.md#3915
https://github.com/ijl/orjson/commit/b0e4d2c06ce06c6e63981bf0276e4b7c74e5845e
https://github.com/ijl/orjson/issues/458
https://monicz.dev/CVE-2024-27454
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-27081
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.
References: https://github.com/esphome/esphome/commit/d814ed1d4adc71fde47c4df41215bee449884513
https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between February 26-27, 2024.
During this period, The National Vulnerability Database published 111, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 6
High: 21
Medium: 18
Low: 7
Severity Not Assigned: 59
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0435
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads.
Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS.
Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance.
References: https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834
https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-0436
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.
The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
References: https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0
https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268
CWE-ID: CWE-764
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-0439
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
References: https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688
https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-0440
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
References: https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-0455
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL
```
http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
```
which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it.
The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.
References: https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55
https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-0798
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A user with a `default` role given to them by the admin can sent `DELETE` HTTP requests to `remove-folder` and `remove-document` to delete folders and source files from the instance even when their role should explicitly not allow this action on the system.
References: https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733
https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c
CWE-ID: CWE-272
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-1622
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
References: https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt
CWE-ID: CWE-253
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-1710
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
References: https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-1735
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
References: https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-1876
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input '+or+1%3d1%23 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254724.
References: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Project%20SQL%20Injection%20Update.md
https://vuldb.com/?ctiid.254724
https://vuldb.com/?id.254724
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-1889
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device.
References: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-21802
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1914
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-21825
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-21836
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1915
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-22201
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
References: https://github.com/jetty/jetty.project/issues/11256
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-23496
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1913
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-23605
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1916
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-23835
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser.
References: https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd
https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f
https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc
https://redmine.openinfosecfoundation.org/issues/6411
CWE-ID: CWE-400 CWE-770
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-23836
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.
References: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7
https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747
https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7
https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc
https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97
https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8
https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786
https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5
https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01
https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af
https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
https://redmine.openinfosecfoundation.org/issues/6531
https://redmine.openinfosecfoundation.org/issues/6532
https://redmine.openinfosecfoundation.org/issues/6540
https://redmine.openinfosecfoundation.org/issues/6658
https://redmine.openinfosecfoundation.org/issues/6659
https://redmine.openinfosecfoundation.org/issues/6660
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-23837
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
References: https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://redmine.openinfosecfoundation.org/issues/6444
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-23839
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
References: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f
https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
https://redmine.openinfosecfoundation.org/issues/6657
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-24714
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4.
References: https://patchstack.com/database/vulnerability/icons-font-loader/wordpress-icons-font-loader-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-25909
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
References: https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-25913
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.
References: https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-25925
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.
References: https://patchstack.com/database/vulnerability/phppoet-checkout-fields/wordpress-woocommerce-easy-checkout-field-editor-fees-discounts-plugin-3-5-12-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-27454
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
References: https://github.com/ijl/orjson/blob/master/CHANGELOG.md#3915
https://github.com/ijl/orjson/commit/b0e4d2c06ce06c6e63981bf0276e4b7c74e5845e
https://github.com/ijl/orjson/issues/458
https://monicz.dev/CVE-2024-27454
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-27081
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.
References: https://github.com/esphome/esphome/commit/d814ed1d4adc71fde47c4df41215bee449884513
https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found