Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for March 09-10, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between March 09-10, 2024.
During this period, the National Vulnerability Database published 27 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 0
High: 2
Medium: 15
Low: 0
Severity Not Assigned: 10

Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High severity vulnerabilities that demand immediate attention.

1. CVE-2024-28184
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.

References: https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r

CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-25951
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
References: https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability

CWE-ID: CWE-1288
Common Platform Enumerations (CPE): Not Found
