Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for April 18-19, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between April 18-19, 2024.
During this period, the National Vulnerability Database published 124 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 6
High: 36
Medium: 55
Low: 5
Severity Not Assigned: 22

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2023-49742
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3.


References: https://patchstack.com/database/vulnerability/support-genix-lite/wordpress-support-genix-plugin-1-2-3-broken-access-control-lead-to-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-28076
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.3
Description: The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format.
References: https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28073

CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-29001
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.3
Description: A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.
References: https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-32587
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS. This issue affects EnvíaloSimple: from n/a through 2.2.


References: https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-32588
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS. This issue affects LearnPress Export Import: from n/a through 4.0.3.


References: https://patchstack.com/database/vulnerability/learnpress-import-export/wordpress-learnpress-export-import-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-32595
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Bao Corp WP Helper Premium allows Reflected XSS. This issue affects WP Helper Premium: from n/a before 4.6.0.


References: https://patchstack.com/database/vulnerability/wp-helper-lite/wordpress-wp-helper-premium-plugin-4-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-32599
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.2.1.


References: https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-3-2-1-arbitrary-code-execution-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-32603
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through 3.4.20.


References: https://patchstack.com/database/vulnerability/wc4bp/wordpress-woobuddy-plugin-3-4-20-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-29003
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.3
Description: The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.
References: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29003

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-32558
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS. This issue affects eCommerce Product Catalog: from n/a through 3.3.32.


References: https://patchstack.com/database/vulnerability/ecommerce-product-catalog/wordpress-ecommerce-product-catalog-plugin-3-3-32-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-32559
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post allows Reflected XSS. This issue affects WP 404 Auto Redirect to Similar Post: from n/a through 1.0.4.


References: https://patchstack.com/database/vulnerability/wp-404-auto-redirect-to-similar-post/wordpress-wp-404-auto-redirect-to-similar-post-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-32562
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through 7.4.9.


References: https://patchstack.com/database/vulnerability/zynith-seo/wordpress-z-y-n-i-t-h-plugin-7-4-9-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-32563
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7.


References: https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-32567
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS. This issue affects DirectoryPress: from n/a through 3.6.7.


References: https://patchstack.com/database/vulnerability/directorypress/wordpress-directorypress-plugin-3-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-32568
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS. This issue affects WP 2FA: from n/a through 2.6.2.


References: https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-32570
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS. This issue affects Cornerstone: from n/a through 0.8.0.


References: https://patchstack.com/database/vulnerability/cornerstone/wordpress-cornerstone-plugin-0-8-0-reflected-cross-site-scripting-xss-vulnerability-2?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-32574
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Reflected XSS. This issue affects WP Simple HTML Sitemap: from n/a through 2.8.


References: https://patchstack.com/database/vulnerability/wp-simple-html-sitemap/wordpress-wp-simple-html-sitemap-plugin-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-32578
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS. This issue affects Slider by 10Web: from n/a through 1.2.54.


References: https://patchstack.com/database/vulnerability/slider-wd/wordpress-sliderby10web-plugin-1-2-54-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-32582
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.1.


References: https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-32583
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.


References: https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-32585
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS. This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through 4.2.


References: https://patchstack.com/database/vulnerability/content-excel-importer/wordpress-import-content-in-wordpress-woocommerce-with-excel-plugin-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

22. CVE-2023-47843
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0.


References: https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-deletion-vulnerability?_s_id=cve

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-32551
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71.


References: https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manage-plugin-4-71-sql-injection-vulnerability?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

24. CVE-2024-32553
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looks_awesome Superfly Menu allows Stored XSS. This issue affects Superfly Menu: from n/a through 5.0.25.


References: https://patchstack.com/database/vulnerability/superfly-menu/wordpress-superfly-menu-plugin-5-0-25-subscriber-site-wide-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

25. CVE-2024-32600
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.9.5.


References: https://patchstack.com/database/vulnerability/master-slider/wordpress-master-slider-plugin-3-9-5-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

26. CVE-2024-32602
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.


References: https://patchstack.com/database/vulnerability/woocommerce-multilingual/wordpress-woocommerce-multilingual-multicurrency-plugin-5-3-3-1-sql-injection-vulnerability?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

27. CVE-2024-28185
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.

References: https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L197-L201
https://github.com/judge0/judge0/commit/846d5839026161bb299b7a35fd3b2afb107992fc
https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf

CWE-ID: CWE-59 CWE-61
Common Platform Enumerations (CPE): Not Found

28. CVE-2024-28189
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on its own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.
References: https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232
https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd
https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg
https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf

CWE-ID: CWE-59 CWE-61
Common Platform Enumerations (CPE): Not Found

29. CVE-2024-29021
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1.

References: https://github.com/judge0/judge0/blob/ad66f77b131dbbebf2b9ff8083dca9a68680b3e5/app/jobs/isolate_job.rb#L203-L230
https://github.com/judge0/judge0/security/advisories/GHSA-q7vg-26pg-v5hr

CWE-ID: CWE-1393 CWE-918
Common Platform Enumerations (CPE): Not Found

30. CVE-2024-2796
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer Portal in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.


References: https://portal.perforce.com/s/detail/a91PA000001STuXYAW

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

31. CVE-2024-32475
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.

References: https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382
https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj

CWE-ID: CWE-253 CWE-617
Common Platform Enumerations (CPE): Not Found

32. CVE-2024-32462
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However, it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
References: https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d
https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97
https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e
https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931
https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj

CWE-ID: CWE-88
Common Platform Enumerations (CPE): Not Found

33. CVE-2023-3758
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
References: https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/security/cve/CVE-2023-3758
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
https://github.com/SSSD/sssd/pull/7302

CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found

34. CVE-2024-20380
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
References: https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

CWE-ID: CWE-475
Common Platform Enumerations (CPE): Not Found

35. CVE-2024-32474
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to log in to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more.
References: https://github.com/getsentry/sentry/commit/d5b34568d9f1c41362ccb62141532a0a2169512f
https://github.com/getsentry/sentry/pull/66393
https://github.com/getsentry/sentry/pull/69148
https://github.com/getsentry/sentry/security/advisories/GHSA-6cjm-4pxw-7xp9

CWE-ID: CWE-117 CWE-312
Common Platform Enumerations (CPE): Not Found

36. CVE-2024-32477
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFLUSH)` and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the user input. Some ANSI escape sequences act as an info request to the master terminal emulator and the terminal emulator sends back the reply in the PTY channel. Standard streams also use this channel to send and get data. For example, the `\033[6n` sequence requests the current cursor position. These sequences allow us to append data to the standard input of Deno. This vulnerability allows an attacker to bypass Deno permission policy. This vulnerability is fixed in 1.42.2.

References: https://github.com/denoland/deno/security/advisories/GHSA-95cj-3hr2-7j5j

CWE-ID: CWE-362 CWE-78
Common Platform Enumerations (CPE): Not Found

37. CVE-2024-22179
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.


References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

CWE-ID: CWE-302
Common Platform Enumerations (CPE): Not Found

38. CVE-2024-3741
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.


References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

CWE-ID: CWE-302
Common Platform Enumerations (CPE): Not Found

39. CVE-2024-1491
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.


References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

40. CVE-2024-21872
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allow more critical operations to the transmitter.


References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

CWE-ID: CWE-565
Common Platform Enumerations (CPE): Not Found

41. CVE-2024-22186
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.


References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

CWE-ID: CWE-565
Common Platform Enumerations (CPE): Not Found

42. CVE-2024-3742
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.


References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

CWE-ID: CWE-312
Common Platform Enumerations (CPE): Not Found
