In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between March 04-05, 2024.
During this period, the National Vulnerability Database published 113 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 5
High: 25
Medium: 18
Low: 4
Severity Not Assigned: 61
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-4479
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Stored XSS Vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period.
References: https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-28578
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Memory corruption in Core Services while executing the command for removing a single event listener.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-28582
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-33066
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Audio while processing RT proxy port register driver.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-33084
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing IE fragments from server during DTLS handshake.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-33086
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-33095
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-33096
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-33103
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing CAG info IE received from NW.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-33104
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-33105
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-43539
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-43540
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while processing the IOCTL FM HCI WRITE request.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-43541
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-43546
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while invoking HGSL IOCTL context create.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-43547
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-43548
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Memory corruption while parsing qcp clip with invalid chunk data size.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-43549
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while processing TPC target power table in FTM TPC.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-43550
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-43552
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption while processing MBSSID beacon containing several subelement IE.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-43553
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
References: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-0155
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code.
References: https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-0156
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.
References: https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-22452
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.
References: https://www.dell.com/support/kbdoc/en-us/000221414/dsa-2024-056
CWE-ID: CWE-264
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-22463
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information.
References: https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities
CWE-ID: CWE-327
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-27198
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin actions to be performed was possible.
References: https://www.jetbrains.com/privacy-security/issues-fixed/
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-27199
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.
References: https://www.jetbrains.com/privacy-security/issues-fixed/
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-32331
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254979
https://www.ibm.com/support/pages/node/7011443
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-27889
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
References: https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-2048
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
References: https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found