Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for April 22-23, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between April 22-23, 2024.
During this period, the National Vulnerability Database published 79 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 4
High: 11
Medium: 13
Low: 2
Severity Not Assigned: 49

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-32693
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0.

References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-93-0-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-32694
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS. This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62.

References: https://patchstack.com/database/vulnerability/real3d-flipbook-lite/wordpress-3d-flipbook-pdf-viewer-pdf-embedder-plugin-3-62-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-32695
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS. This issue affects Language Switcher for Transposh: from n/a through 1.5.9.

References: https://patchstack.com/database/vulnerability/language-switcher-for-transposh/wordpress-language-switcher-for-transposh-plugin-1-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-32682
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.

References: https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-13-2-broken-access-control-vulnerability-2?_s_id=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-4040
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.

References: https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-32039
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

References: https://github.com/FreeRDP/FreeRDP/pull/10077
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9

CWE-ID: CWE-190 CWE-787
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-32040
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).

References: https://github.com/FreeRDP/FreeRDP/pull/10077
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-32041
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default) and set `/bpp` or `/rfx` options instead.

References: https://github.com/FreeRDP/FreeRDP/pull/10077
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-32458
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).

References: https://github.com/FreeRDP/FreeRDP/pull/10077
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-32459
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

References: https://github.com/FreeRDP/FreeRDP/pull/10077
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-32460
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using the `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

References: https://github.com/FreeRDP/FreeRDP/pull/10077
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-32461
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.

References: https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-32479
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

References: https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23
https://github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b
https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-32480
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.

References: https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-32656
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Ant Media Server is live streaming engine software. A local privilege escalation vulnerability present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file.

References: https://github.com/ant-media/Ant-Media-Server/commit/9cb38500729e0ff302da0290b9cfe1ec4dd6c764
https://github.com/ant-media/Ant-Media-Server/security/advisories/GHSA-qwhw-hh9j-54f5

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
