Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for April 23-24, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database (NVD) between April 23 and 24, 2024.
During this period, the NVD published 68 new Common Vulnerabilities and Exposures (CVEs), classified by CVSS base severity as follows:

Critical: 3
High: 10
Medium: 25
Low: 7
Severity Not Assigned: 23

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
The rest of this digest spotlights the 13 Critical and High severity entries (3 Critical, 10 High) that demand immediate attention. Scores below are the CVSS base scores as recorded by the NVD at the time of writing; "Not Found" under CPE means the NVD had not yet attached product identifiers to the record.

1. CVE-2024-3293
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3071359/buddypress-media
https://www.wordfence.com/threat-intel/vulnerabilities/id/32b6938a-0566-46c8-8761-0403b3a0e3e9?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-21511
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
References: https://github.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713
https://github.com/sidorares/node-mysql2/pull/2608
https://github.com/sidorares/node-mysql2/releases/tag/v3.9.7
https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
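The mysql2 entry is a CWE-94 bug of a very specific shape: an option string that should only ever name a timezone is spliced into JavaScript source that the library then compiles. The block below is an added illustration of that bug class written for this digest; it is not mysql2's code or its 3.9.7 patch (the linked commit is the real fix). The generated-parser shape, the `buildParserUnsafe`/`buildParserSafe` names, the allowlist regex, and the hostile option value are all assumptions constructed for the example.

```javascript
// Added illustration of CWE-94 (code injection through generated source).
// This is NOT mysql2's implementation; it mimics the shape of the bug only.

// Unsafe: the caller-controlled timezone string becomes part of the program
// text that new Function() compiles. Any string that closes the quote and
// opens an expression is executed as JavaScript when the generated parser runs.
function buildParserUnsafe(timezone) {
  const src =
    "return function parseRow(raw) { return { raw, tz: '" + timezone + "' }; };";
  return new Function(src)();
}

// Allowlist for the timezone option (an assumption for this example): 'Z',
// 'local', or a signed HH:MM offset. No quote, parenthesis or operator can
// pass, so nothing that could alter generated syntax ever reaches a generator.
const TIMEZONE_RE = /^(?:Z|local|[+-](?:[01]\d|2[0-3]):[0-5]\d)$/;

function isValidTimezone(timezone) {
  return typeof timezone === 'string' && TIMEZONE_RE.test(timezone);
}

// Safe: validate first, then hand the value to the generated code as a
// parameter instead of as source text. Even a validator bug could not turn
// the value into code, because it is never concatenated into the program.
function buildParserSafe(timezone) {
  if (!isValidTimezone(timezone)) {
    throw new TypeError('Invalid timezone option: ' + JSON.stringify(timezone));
  }
  const factory = new Function(
    'tz',
    'return function parseRow(raw) { return { raw, tz }; };'
  );
  return factory(timezone);
}

// Demonstration with a constructed hostile option value. In the unsafe builder
// the arithmetic inside the string is evaluated by the engine (that evaluation
// is the injection); the safe builder refuses the value before any code exists.
function demo() {
  const hostile = "'+(6*7)+'"; // constructed sample input, not a real payload
  const viaUnsafe = buildParserUnsafe(hostile)('row').tz; // '42': code ran
  let viaSafe;
  try {
    viaSafe = buildParserSafe(hostile)('row').tz;
  } catch (e) {
    viaSafe = 'rejected: ' + e.message;
  }
  return { viaUnsafe, viaSafe };
}

console.log(demo());
```

The exact accepted grammar is a choice for the example; the point is that a configuration value is checked against a closed allowlist and then passed as data, never pasted into source. The remediation for the real bug is upgrading to mysql2 3.9.7 or later; `npm ls mysql2` shows which version a project actually resolves, including transitive copies.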

3. CVE-2024-2493
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Session Hijacking vulnerability in Hitachi Ops Center Analyzer. This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.

References: https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-122/index.html

CWE-ID: CWE-614
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-28130
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957

CWE-ID: CWE-704
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-32658
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
References: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
https://oss-fuzz.com/testcase-detail/4852534033317888
https://oss-fuzz.com/testcase-detail/6196819496337408

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-32659
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
References: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
https://oss-fuzz.com/testcase-detail/6156779722440704

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-32660
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
References: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
https://oss-fuzz.com/testcase-detail/5559242514825216

CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-32661
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
References: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m

CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-4064
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/R7WebsSecurityHandler.md
https://vuldb.com/?ctiid.261790
https://vuldb.com/?id.261790
https://vuldb.com/?submit.316493

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-4065
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md
https://vuldb.com/?ctiid.261791
https://vuldb.com/?id.261791
https://vuldb.com/?submit.316494

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-32662
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
References: https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4
https://oss-fuzz.com/testcase-detail/4985227207311360

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-32866
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.
References: https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117
https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de
https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf

CWE-ID: CWE-1321
Common Platform Enumerations (CPE): Not Found
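Conform's issue is the classic nested-key setter problem: a dotted field name such as `user.address.city` is walked one segment at a time and nothing stops a segment from being `__proto__`, so the walk lands on `Object.prototype` and the final write pollutes every object in the process. The block below is an added example of that pattern beside a hardened setter, written for this digest; it is not conform's code or its 1.1.1 patch. The `setPathUnsafe`/`setPathSafe` names, the `demonstratePollution` harness, and the form bodies it parses are all constructed for the illustration.

```javascript
// Added example of CWE-1321 (prototype pollution) in a dotted-path setter.
// This is NOT conform's implementation; it reproduces the bug class only.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unsafe: walks the path and creates intermediate objects as needed, but never
// asks whether a key is an own property. For '__proto__.x' the first hop lands
// on Object.prototype, so the final assignment is visible on every object.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof node[k] !== 'object' || node[k] === null) node[k] = {};
    node = node[k];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened: reject the well-known dangerous segments up front, descend only
// through own properties, and build intermediate containers without a
// prototype so there is nothing inherited to reach even if a check is missed.
function setPathSafe(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (k === '' || FORBIDDEN_KEYS.has(k)) {
      throw new Error('Refusing unsafe path segment: ' + JSON.stringify(k));
    }
  }
  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(node, k);
    if (!own || typeof node[k] !== 'object' || node[k] === null) {
      node[k] = Object.create(null);
    }
    node = node[k];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Harness: feeds the setter a constructed hostile field name (as a form body
// or query string would) and reports whether an unrelated object picked up
// the property. Cleans up afterwards so the process is not left polluted.
function demonstratePollution(setter) {
  const bystander = {}; // created before the write; has no own 'polluted'
  try {
    setter({}, '__proto__.polluted', 'yes');
    return bystander.polluted === 'yes';
  } catch (e) {
    return false; // the hardened setter threw before writing anything
  } finally {
    delete Object.prototype.polluted;
  }
}

// Turns a flat form body (constructed sample input) into a nested object, the
// way a form library would before validation. The setter is a parameter so the
// same body can be parsed with either implementation.
function parseFormBody(body, setter) {
  const out = {};
  for (const [name, value] of new URLSearchParams(body)) {
    setter(out, name, value);
  }
  return out;
}

console.log('unsafe setter pollutes:', demonstratePollution(setPathUnsafe));
console.log('safe setter pollutes:', demonstratePollution(setPathSafe));
console.log(JSON.stringify(parseFormBody('user.name=ann&user.roles.admin=true', setPathSafe)));
```

The `__proto__` probe is the standard check for this bug class; `constructor.prototype.<name>` is the other path worth trying against any setter that accepts dotted keys. Rejecting those segments is necessary but the own-property check and null-prototype containers are what make the setter robust when the key list is incomplete. For the real library the remediation is upgrading conform to 1.1.1 or later.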

13. CVE-2024-4066
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/fromAdvSetMacMtuWan.md
https://vuldb.com/?ctiid.261792
https://vuldb.com/?id.261792
https://vuldb.com/?submit.316495

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
