Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for April 09-10, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between April 09 and April 10, 2024.
During this period, the National Vulnerability Database published 413 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 10
High: 177
Medium: 180
Low: 3
Severity Not Assigned: 43

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-25646
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.

References: https://me.sap.com/notes/3421384
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-27899
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.3
Description: Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause a profound impact on confidentiality and a low impact on both integrity and availability.

References: https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-27901
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application.

References: https://me.sap.com/notes/3438234
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

CWE-ID: CWE-35
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-27983
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small number of HTTP/2 frame packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with an HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client, triggering the Http2Session destructor while header frames are still being processed (and stored in memory), causing a race condition.
References: https://hackerone.com/reports/2319584

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-2975
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A race condition was identified through which privilege escalation was possible in certain configurations.
References: https://advisories.octopus.com/post/2024/sa2024-01/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-1233
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
References: https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-31365
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a through 2.0.8.

References: https://patchstack.com/database/vulnerability/themify-ptb/wordpress-post-type-builder-ptb-plugin-2-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-31366
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8.

References: https://patchstack.com/database/vulnerability/themify-ptb/wordpress-post-type-builder-ptb-plugin-2-0-8-subscriber-arbitrary-post-page-creation-vulnerability?_s_id=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

9. CVE-2023-1082
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A remote attacker with low privileges can perform a command injection which can lead to root access.
References: https://cert.vde.com/en/advisories/VDE-2024-009

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

10. CVE-2023-1083
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.

References: https://cert.vde.com/en/advisories/VDE-2024-009

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-26275
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References: https://cert-portal.siemens.com/productcert/html/ssa-222019.html

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-30191
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 3 "Override client’s security context" of CVE-2022-47522.

Affected devices can be tricked into associating a newly negotiated, attacker-controlled, security context with frames belonging to a victim. This could allow a physically proximate attacker to decrypt frames meant for the victim.
References: https://cert-portal.siemens.com/productcert/html/ssa-457702.html

CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-31367
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.

References: https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-2-authenticated-broken-access-control-vulnerability?_s_id=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-31370
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through 4.14.1.

References: https://patchstack.com/database/vulnerability/aikit-wordpress-ai-writing-assistant-using-gpt3/wordpress-codeisawesome-aikit-plugin-4-14-1-sql-injection-vulnerability?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-31978
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.
References: https://cert-portal.siemens.com/productcert/html/ssa-128433.html

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-3046
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs.

This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1].

References: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188

CWE-ID: CWE-303
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-2223
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:

Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1

References: https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/

CWE-ID: CWE-185
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-2224
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component:

Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1

References: https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

19. CVE-2023-6317
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.

Full versions and TV models affected:

webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA
webOS 5.5.0 - 04.50.51 running on OLED55CXPUA
webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found

20. CVE-2023-6318
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

Full versions and TV models affected:

* webOS 5.5.0 - 04.50.51 running on OLED55CXPUA
* webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
* webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

21. CVE-2023-6319
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

* webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA
* webOS 5.5.0 - 04.50.51 running on OLED55CXPUA
* webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
* webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

22. CVE-2023-6320
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability.

Full versions and TV models affected:

* webOS 5.5.0 - 04.50.51 running on OLED55CXPUA
* webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB

References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

23. CVE-2023-41677
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows an attacker to execute unauthorized code or commands via a targeted social engineering attack.
References: https://fortiguard.com/psirt/FG-IR-23-430

CWE-ID: CWE-522
Common Platform Enumerations (CPE): Not Found

24. CVE-2023-45590
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An improper control of generation of code ('code injection') vulnerability in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website.
References: https://fortiguard.com/psirt/FG-IR-23-087

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

25. CVE-2023-48724
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

26. CVE-2023-49074
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861

CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found

27. CVE-2023-49133
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862

CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found

28. CVE-2023-49134
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862

CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found

29. CVE-2023-49906
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

30. CVE-2023-49907
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

31. CVE-2023-49908
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

32. CVE-2023-49909
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

33. CVE-2023-49910
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

34. CVE-2023-49911
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

35. CVE-2023-49912
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

36. CVE-2023-49913
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

37. CVE-2024-21755
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
References: https://fortiguard.com/psirt/FG-IR-23-489

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

38. CVE-2024-21756
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
References: https://fortiguard.com/psirt/FG-IR-23-489

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

39. CVE-2024-23671
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
References: https://fortiguard.com/psirt/FG-IR-23-454

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

40. CVE-2024-28235
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external URLs as well; the options passed to the HTTP client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.
References: https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
https://github.com/contao/contao/blob/14e9ef4bc8b82936ba2d0e04164581145a075e2a/core-bundle/src/Resources/contao/classes/Crawl.php#L129
https://github.com/contao/contao/commit/73a2770e2d3535ec9f1b03d54be00e56ebb8ff16
https://github.com/contao/contao/commit/79b7620d01ce8f46ce2b331455e0d95e5208de3d
https://github.com/contao/contao/security/advisories/GHSA-9jh5-qf84-x6pr

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

41. CVE-2024-20670
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Outlook for Windows Spoofing Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

42. CVE-2024-20678
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678

CWE-ID: CWE-843
Common Platform Enumerations (CPE): Not Found

43. CVE-2024-20688
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

44. CVE-2024-20689
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

45. CVE-2024-20693
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Kernel Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693

CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found

46. CVE-2024-21322
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Microsoft Defender for IoT Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

47. CVE-2024-21323
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft Defender for IoT Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323

CWE-ID: CWE-36
Common Platform Enumerations (CPE): Not Found

48. CVE-2024-21324
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

49. CVE-2024-21409
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

50. CVE-2024-21447
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Authentication Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found

51. CVE-2024-26158
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Microsoft Install Service Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found

52. CVE-2024-26175
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

53. CVE-2024-26179
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

54. CVE-2024-26180
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

55. CVE-2024-26189
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

56. CVE-2024-26194
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194

CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found

57. CVE-2024-26195
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: DHCP Server Service Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

58. CVE-2024-26200
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

59. CVE-2024-26202
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: DHCP Server Service Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

60. CVE-2024-26205
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

61. CVE-2024-26208
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

62. CVE-2024-26210
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

63. CVE-2024-26211
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

64. CVE-2024-26212
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: DHCP Server Service Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

65. CVE-2024-26213
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Microsoft Brokering File System Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26213

CWE-ID: CWE-822
Common Platform Enumerations (CPE): Not Found

66. CVE-2024-26214
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

67. CVE-2024-26215
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: DHCP Server Service Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

68. CVE-2024-26216
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Windows File Server Resource Management Service Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found

69. CVE-2024-26218
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Kernel Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218

CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found

70. CVE-2024-26219
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: HTTP.sys Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26219

CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found

71. CVE-2024-26221
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

72. CVE-2024-26222
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26222

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

73. CVE-2024-26223
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26223

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

74. CVE-2024-26224
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

75. CVE-2024-26227
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26227

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

76. CVE-2024-26228
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Cryptographic Services Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228

CWE-ID: CWE-310
Common Platform Enumerations (CPE): Not Found

77. CVE-2024-26229
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows CSC Service Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

78. CVE-2024-26230
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Telephony Server Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

79. CVE-2024-26231
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

80. CVE-2024-26232
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232

CWE-ID: CWE-843
Common Platform Enumerations (CPE): Not Found

81. CVE-2024-26233
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows DNS Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

82. CVE-2024-26235
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Update Stack Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26235

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

83. CVE-2024-26236
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Windows Update Stack Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236

CWE-ID: CWE-591
Common Platform Enumerations (CPE): Not Found

84. CVE-2024-26237
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Defender Credential Guard Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26237

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

85. CVE-2024-26239
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Telephony Server Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

86. CVE-2024-26240
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

87. CVE-2024-26241
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Win32k Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

88. CVE-2024-26242
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Windows Telephony Server Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26242

CWE-ID: CWE-591
Common Platform Enumerations (CPE): Not Found

89. CVE-2024-26243
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Windows USB Print Driver Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26243

CWE-ID: CWE-126
Common Platform Enumerations (CPE): Not Found

90. CVE-2024-26244
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

91. CVE-2024-26245
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows SMB Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26245

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

92. CVE-2024-26248
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Windows Kerberos Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26248

CWE-ID: CWE-303
Common Platform Enumerations (CPE): Not Found

93. CVE-2024-26254
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254

CWE-ID: CWE-822
Common Platform Enumerations (CPE): Not Found

94. CVE-2024-26256
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: libarchive Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

95. CVE-2024-26257
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Microsoft Excel Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257

CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found

96. CVE-2024-28896
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

97. CVE-2024-28904
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Microsoft Brokering File System Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

98. CVE-2024-28905
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Microsoft Brokering File System Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

99. CVE-2024-28906
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

100. CVE-2024-28907
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Microsoft Brokering File System Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found

101. CVE-2024-28908
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

102. CVE-2024-28909
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

103. CVE-2024-28910
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

104. CVE-2024-28911
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

105. CVE-2024-28912
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

106. CVE-2024-28913
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

107. CVE-2024-28914
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

108. CVE-2024-28915
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

109. CVE-2024-28920
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920

CWE-ID: CWE-693
Common Platform Enumerations (CPE): Not Found

110. CVE-2024-28925
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

111. CVE-2024-28926
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

112. CVE-2024-28927
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

113. CVE-2024-28929
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929

CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found

114. CVE-2024-28930
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

115. CVE-2024-28931
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931

CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found

116. CVE-2024-28932
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

117. CVE-2024-28933
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

118. CVE-2024-28934
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

119. CVE-2024-28935
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

120. CVE-2024-28936
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936

CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found

121. CVE-2024-28937
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

122. CVE-2024-28938
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

123. CVE-2024-28939
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939

CWE-ID: CWE-209
Common Platform Enumerations (CPE): Not Found

124. CVE-2024-28940
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

125. CVE-2024-28941
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

126. CVE-2024-28942
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942

CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found

127. CVE-2024-28943
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

128. CVE-2024-28944
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944

CWE-ID: CWE-197
Common Platform Enumerations (CPE): Not Found

129. CVE-2024-28945
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

130. CVE-2024-29043
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

131. CVE-2024-29044
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

132. CVE-2024-29045
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

133. CVE-2024-29046
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

134. CVE-2024-29047
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

135. CVE-2024-29048
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

136. CVE-2024-29050
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Windows Cryptographic Services Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29050

CWE-ID: CWE-197
Common Platform Enumerations (CPE): Not Found

137. CVE-2024-29052
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Storage Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

138. CVE-2024-29053
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft Defender for IoT Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053

CWE-ID: CWE-36
Common Platform Enumerations (CPE): Not Found

139. CVE-2024-29054
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

140. CVE-2024-29055
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

141. CVE-2024-29061
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

142. CVE-2024-29062
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Secure Boot Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062

CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found

143. CVE-2024-29063
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: Azure AI Search Information Disclosure Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29063

CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found

144. CVE-2024-29066
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Windows Distributed File System (DFS) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29066

CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found

145. CVE-2024-29905
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millisecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).
References: https://github.com/DIRACGrid/DIRAC/commit/1faa709341969a6321e29c843ca94039d33b2c3d
https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-v6f3-gh5h-mqwx

CWE-ID: CWE-668
Common Platform Enumerations (CPE): Not Found

146. CVE-2024-29982
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

147. CVE-2024-29983
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

148. CVE-2024-29984
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

149. CVE-2024-29985
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

150. CVE-2024-29988
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SmartScreen Prompt Security Feature Bypass Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988

CWE-ID: CWE-693
Common Platform Enumerations (CPE): Not Found

151. CVE-2024-29989
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: Azure Monitor Agent Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found

152. CVE-2024-29990
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

153. CVE-2024-29993
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Azure CycleCloud Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29993

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

154. CVE-2024-22423
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.
References: https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e
https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a
https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11
https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

155. CVE-2024-24576
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command` API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.

The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.

On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are split.

One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.

Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process.

The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.
References: https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput
https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg
https://doc.rust-lang.org/std/process/struct.Command.html
https://doc.rust-lang.org/std/process/struct.Command.html#method.arg
https://doc.rust-lang.org/std/process/struct.Command.html#method.args
https://github.com/rust-lang/rust/issues
https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh
https://www.rust-lang.org/policies/security

CWE-ID: CWE-78 CWE-88
Common Platform Enumerations (CPE): Not Found

156. CVE-2024-25115
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

References: https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad
https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5

CWE-ID: CWE-120 CWE-122
Common Platform Enumerations (CPE): Not Found

157. CVE-2024-31457
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem.
References: https://github.com/flipped-aurora/gin-vue-admin/commit/b1b7427c6ea6c7a027fa188c6be557f3795e732b
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4
https://pkg.go.dev/github.com/flipped-aurora/gin-vue-admin/server?tab=versions

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

158. CVE-2023-6964
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3019592%40kadence-blocks&old=2996625%40kadence-blocks&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

159. CVE-2023-6967
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7d0c2-27ec-47ad-8baa-c281c273078e?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

160. CVE-2023-6999
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.
References: https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

161. CVE-2023-7046
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3066915%40wp-letsencrypt-ssl&new=3066915%40wp-letsencrypt-ssl&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

162. CVE-2024-0952
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3060269/erp/tags/1.13.0/modules/accounting/includes/functions/people.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ba06f9-de51-49ea-87c1-4583e939314b?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

163. CVE-2024-1308
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links.
References: https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396
https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

164. CVE-2024-1315
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.
References: https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.0.1/app/Controllers/Ajax/PublicUser.php#L445
https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.0.5/app/Controllers/Ajax/PublicUser.php#L445
https://www.wordfence.com/threat-intel/vulnerabilities/id/5439651e-5557-4b13-813a-4fc0ad876104?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

165. CVE-2024-1774
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. We unfortunately could not get in touch with the vendor through various means to disclose this issue.
References: https://www.customily.com/woocommerce
https://www.wordfence.com/threat-intel/vulnerabilities/id/0f8aa38b-85c5-45a7-b5cd-9ecd43a3c340?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

166. CVE-2024-1792
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required.
References: https://plugins.trac.wordpress.org/changeset/3062907/cmb2/trunk?contextall=1&old=2683046&old_path=%2Fcmb2%2Ftrunk
https://www.wordfence.com/threat-intel/vulnerabilities/id/c3f37ef5-ddf5-4bd5-b6aa-121dda22fb01?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

167. CVE-2024-1794
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3047085%40forminator&old=3028842%40forminator&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/23feb72c-7e6f-436b-b56e-dc6185302d31?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

168. CVE-2024-1812
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
References: https://plugins.trac.wordpress.org/changeset/3049743/everest-forms
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4561441-d147-4c02-a837-c1656e17627d?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

169. CVE-2024-1813
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051715%40simple-job-board&old=3038476%40simple-job-board&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

170. CVE-2024-1852
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3.
References: https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user-profile.php#L566
https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user.php#L524
https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/vendor/rocketgeek-utilities/includes/utilities.php#L168
https://www.wordfence.com/threat-intel/vulnerabilities/id/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

171. CVE-2024-1893
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/easy-property-listings/tags/3.5.2/lib/includes/functions.php#L1846
https://plugins.trac.wordpress.org/changeset?old_path=/easy-property-listings/tags/3.5.2&old=3056209&new_path=/easy-property-listings/tags/3.5.3&new=3056209&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/a7ac96db-2d9a-4eaf-8916-a02e3e64ca4a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

172. CVE-2024-1934
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images.
References: https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.10.35/addons/legacy/compress.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3054445@wp-compress-image-optimizer/trunk&old=3048575@wp-compress-image-optimizer/trunk&sfp_email=&sfph_mail=#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/88a46a24-6d46-44cc-ac01-70a1c329cb51?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

173. CVE-2024-1974
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information.
References: https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_weather.php#L401
https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/tags/2.4.7/includes/widgets/htmega_weather.php?old=2939273&old_path=ht-mega-for-elementor/trunk/includes/widgets/htmega_weather.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/11b5f0a1-bf22-46be-a165-c62f1077da0f?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

174. CVE-2024-1990
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3049490/custom-registration-form-builder-with-submission-manager/trunk/public/class_rm_public.php
https://plugins.trac.wordpress.org/changeset/3057216/custom-registration-form-builder-with-submission-manager/trunk/public/class_rm_public.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/6478cdbc-a20e-4fe2-bbd6-8a550e5da895?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

175. CVE-2024-1991
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator.
References: https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk//services/class_rm_user_services.php#L1205
https://plugins.trac.wordpress.org/changeset/3049490/custom-registration-form-builder-with-submission-manager#file24
https://www.wordfence.com/threat-intel/vulnerabilities/id/766e3966-157a-4db3-9179-813032343f76?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

176. CVE-2024-2018
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object.
References: https://melapress.com/support/kb/wp-activity-log-plugin-changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f060ea1-01e2-4e5b-82ba-b5cdd0d8290a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

177. CVE-2024-2125
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://plugins.trac.wordpress.org/browser/envialosimple-email-marketing-y-newsletters-gratis/trunk/api/gallery.php#L29
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b39abc8-9281-4d58-a9ec-877c5bae805a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

178. CVE-2024-2341
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3054815%40simply-schedule-appointments%2Ftrunk&old=3054636%40simply-schedule-appointments%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4930b03-9142-464e-98ae-a910dfa46f2a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

179. CVE-2024-2342
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3054815%40simply-schedule-appointments%2Ftrunk&old=3054636%40simply-schedule-appointments%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

180. CVE-2024-2344
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://avada.com/documentation/avada-changelog/
https://gist.github.com/Xib3rR4dAr/05a32f63d75082ab05de27e313e70fa3
https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf0d2ca-2891-45d1-8ea2-90dd435b359f?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

181. CVE-2024-2501
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/social-pug/trunk/inc/functions-post.php#L194
https://plugins.trac.wordpress.org/browser/social-pug/trunk/inc/functions.php#L556
https://plugins.trac.wordpress.org/changeset?old_path=/social-pug/tags/1.33.1&old=3060042&new_path=/social-pug/tags/1.33.2&new=3060042&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3999c59-57a9-410c-a550-7d198bdb25ea?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

182. CVE-2024-2693
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/changeset/3057518/link-whisper/tags/0.7.2/core/Wpil/Editor/Muffin.php?old=3048109&old_path=link-whisper%2Ftags%2F0.7.1%2Fcore%2FWpil%2FEditor%2FMuffin.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5dd7cd-f96a-48df-a553-be5e59d8290f?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

183. CVE-2024-2804
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/network-summary/trunk/includes/class-network-summary.php#L225
https://www.wordfence.com/threat-intel/vulnerabilities/id/3320c182-b1f9-4e06-92ea-0fa670557dd0?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

184. CVE-2024-2957
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040452%40simple-ajax-chat&new=3040452%40simple-ajax-chat&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/f67b5cd8-bae8-48ca-87d5-7445724791f6?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

185. CVE-2024-3136
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php
https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

186. CVE-2024-3446
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service, or allow arbitrary code execution within the context of the QEMU process on the host.
References: https://access.redhat.com/security/cve/CVE-2024-3446
https://bugzilla.redhat.com/show_bug.cgi?id=2274211
https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/

CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found

187. CVE-2024-3313
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01

CWE-ID: CWE-1357
Common Platform Enumerations (CPE): Not Found
