In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 07-08, 2024.
During this period, The National Vulnerability Database published 92, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 7
High: 19
Medium: 33
Low: 1
Severity Not Assigned: 32
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0199
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
References: https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/436977
https://hackerone.com/reports/2295423
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-0817
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
References: https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-0815
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
References: https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-28094
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Chat functionality in Schoolbox application before
version 23.1.3 is vulnerable to blind SQL Injection enabling the
authenticated attackers to read, modify, and delete database records.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28094
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-28095
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: News functionality in Schoolbox application before
version 23.1.3 is vulnerable to stored cross-site scripting allowing
authenticated attacker to perform security actions in the context of the
affected users.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28095
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-28096
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Class functionality in Schoolbox application
before version 23.1.3 is vulnerable to stored cross-site scripting
allowing authenticated attacker to perform security actions in the
context of the affected users.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28096
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-28097
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Calendar functionality in Schoolbox application
before version 23.1.3 is vulnerable to stored cross-site scripting
allowing authenticated attacker to perform security actions in the
context of the affected users.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28097
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-51395
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description:
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
References: https://community.silabs.com/068Vm0000029Xq5
CWE-ID: CWE-119 CWE-120
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-28222
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
References: https://www.veritas.com/content/support/en_US/security/VTS23-010
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-42662
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.
References: https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-0917
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: remote code execution in paddlepaddle/paddle 2.6.0
References: https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-1382
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.
References: https://plugins.trac.wordpress.org/browser/nd-restaurant-reservations/trunk/addons/visual/search/index.php#L49
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d51db160-c701-426d-890f-73cc4785cad8?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-1931
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt
CWE-ID: CWE-835
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-22256
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
References: https://www.vmware.com/security/advisories/VMSA-2024-0007.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-1169
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.
References: https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466
https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-1170
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.
References: https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493
https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7
https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-0818
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
References: https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-42661
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.
References: https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-48725
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References: https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-1351
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.
Required Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.
References: https://jira.mongodb.org/browse/SERVER-72839
https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024
https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024
https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024
https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-1773
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/pdf-invoices-and-packing-slips-for-woocommerce/trunk/includes/class-apifw-front-end.php#L94
https://plugins.trac.wordpress.org/changeset/3042740/
https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-0203
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://digits.unitedover.com/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-1725
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
References: https://access.redhat.com/security/cve/CVE-2024-1725
https://bugzilla.redhat.com/show_bug.cgi?id=2265398
CWE-ID: CWE-501
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-1986
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.
References: https://booster.io/
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L132
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L138
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L322
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L333
https://wordpress.org/plugins/woocommerce-jetpack/
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-28115
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
References: https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-2264
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256034 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md
https://vuldb.com/?ctiid.256034
https://vuldb.com/?id.256034
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 07-08, 2024.
During this period, The National Vulnerability Database published 92, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 7
High: 19
Medium: 33
Low: 1
Severity Not Assigned: 32
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0199
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
References: https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/436977
https://hackerone.com/reports/2295423
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-0817
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
References: https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-0815
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
References: https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-28094
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Chat functionality in Schoolbox application before
version 23.1.3 is vulnerable to blind SQL Injection enabling the
authenticated attackers to read, modify, and delete database records.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28094
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-28095
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: News functionality in Schoolbox application before
version 23.1.3 is vulnerable to stored cross-site scripting allowing
authenticated attacker to perform security actions in the context of the
affected users.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28095
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-28096
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Class functionality in Schoolbox application
before version 23.1.3 is vulnerable to stored cross-site scripting
allowing authenticated attacker to perform security actions in the
context of the affected users.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28096
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-28097
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Calendar functionality in Schoolbox application
before version 23.1.3 is vulnerable to stored cross-site scripting
allowing authenticated attacker to perform security actions in the
context of the affected users.
References: https://schoolbox.education/
https://www.themissinglink.com.au/security-advisories/cve-2024-28097
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-51395
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description:
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
References: https://community.silabs.com/068Vm0000029Xq5
CWE-ID: CWE-119 CWE-120
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-28222
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
References: https://www.veritas.com/content/support/en_US/security/VTS23-010
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-42662
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.
References: https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-0917
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: remote code execution in paddlepaddle/paddle 2.6.0
References: https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-1382
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.
References: https://plugins.trac.wordpress.org/browser/nd-restaurant-reservations/trunk/addons/visual/search/index.php#L49
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d51db160-c701-426d-890f-73cc4785cad8?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-1931
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt
CWE-ID: CWE-835
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-22256
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
References: https://www.vmware.com/security/advisories/VMSA-2024-0007.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-1169
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.
References: https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466
https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-1170
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.
References: https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493
https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7
https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-0818
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
References: https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-42661
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.
References: https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-48725
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References: https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-1351
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.
Required Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.
References: https://jira.mongodb.org/browse/SERVER-72839
https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024
https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024
https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024
https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-1773
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/pdf-invoices-and-packing-slips-for-woocommerce/trunk/includes/class-apifw-front-end.php#L94
https://plugins.trac.wordpress.org/changeset/3042740/
https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-0203
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://digits.unitedover.com/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-1725
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
References: https://access.redhat.com/security/cve/CVE-2024-1725
https://bugzilla.redhat.com/show_bug.cgi?id=2265398
CWE-ID: CWE-501
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-1986
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.
References: https://booster.io/
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L132
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L138
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L322
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L333
https://wordpress.org/plugins/woocommerce-jetpack/
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-28115
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
References: https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-2264
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256034 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md
https://vuldb.com/?ctiid.256034
https://vuldb.com/?id.256034
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found