In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 15-16, 2024.
During this period, the National Vulnerability Database published 135 new Common Vulnerabilities and Exposures (CVEs), which are classified by severity as follows:
Critical: 7
High: 31
Medium: 61
Low: 2
Severity Not Assigned: 34
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-4847
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/alttext-ai/trunk/includes/class-atai-attachment.php#L677
https://plugins.trac.wordpress.org/changeset/3086107/
https://wordpress.org/plugins/alttext-ai/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c192623-eb46-4f1d-b897-433ac80608cb?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-32888
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Edition. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in the Redshift JDBC driver, and is inherited code from the Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.)
References: https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319
https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339
https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-4893
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.
References: https://www.twcert.org.tw/en/cp-139-7801-67d07-2.html
https://www.twcert.org.tw/tw/cp-132-7800-843f1-1.html
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-4010
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks.
References: https://plugins.trac.wordpress.org/changeset/3083762/email-subscribers
https://www.wordfence.com/threat-intel/vulnerabilities/id/23bfcdd1-b99d-47eb-9f88-96f9ecc53b32?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-30284
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-30310
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-34094
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-34095
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-34096
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-34097
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-34098
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-34099
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-34100
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-6321
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
References: https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-6322
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.
References: https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-6324
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity.
References: https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
CWE-ID: CWE-457
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-4670
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/changeset/3085217/all-in-one-video-gallery
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2793547-5edf-4d2a-bc3b-fcaeed62963d?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-5935
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. This web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself.
A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed.
References: https://security.nozominetworks.com/NN-2023:13-01
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-5936
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: On Unix systems (Linux, macOS), Arc uses a temporary file with unsafe privileges.
By tampering with this file, a malicious local user on the system may be able to trigger arbitrary code execution with root privileges.
References: https://security.nozominetworks.com/NN-2023:14-01
CWE-ID: CWE-732
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-3319
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.
References: https://www.sailpoint.com/security-advisories/
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-5938
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks.
An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locations. Leveraging this issue, an attacker may be able to overwrite arbitrary files on the target filesystem and cause critical impacts on the system (e.g., arbitrary command execution on the victim’s machine).
References: https://security.nozominetworks.com/NN-2023:16-01
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-28042
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02
CWE-ID: CWE-1357
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-34082
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.
References: https://github.com/getgrav/grav/commit/b6bba9eb99bf8cb55b8fa8d23f18873ca594e348
https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-3483
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-434 CWE-502 CWE-77
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-3486
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-3892
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description: A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
References: https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-3967
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-3968
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using a custom file upload task.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-4200
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
References: https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-4200
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-4202
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
References: https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-20366
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D
CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-31410
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-31856
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-32047
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-32053
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-33615
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-33625
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-259
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-34025
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-259
Common Platform Enumerations (CPE): Not Found
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-6321
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
References: https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-6322
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.
References: https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-6324
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity.
References: https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
CWE-ID: CWE-457
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-4670
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/changeset/3085217/all-in-one-video-gallery
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2793547-5edf-4d2a-bc3b-fcaeed62963d?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-5935
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself.
A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed.
References: https://security.nozominetworks.com/NN-2023:13-01
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-5936
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.
By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
References: https://security.nozominetworks.com/NN-2023:14-01
CWE-ID: CWE-732
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-3319
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.
References: https://www.sailpoint.com/security-advisories/
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-5938
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks.
An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locations. Leveraging this issue, an attacker may be able to overwrite arbitrary files on the target filesystem and cause critical impacts on the system (e.g., arbitrary command execution on the victim’s machine).
References: https://security.nozominetworks.com/NN-2023:16-01
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-28042
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02
CWE-ID: CWE-1357
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-34082
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.
References: https://github.com/getgrav/grav/commit/b6bba9eb99bf8cb55b8fa8d23f18873ca594e348
https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-3483
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-434 CWE-502 CWE-77
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-3486
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-3892
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description: A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
References: https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-3967
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-3968
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using a custom file upload task.
References: https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-4200
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
References: https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-4200
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-4202
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
References: https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-20366
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D
CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-31410
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-31856
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-32047
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-32053
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-33615
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-33625
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-259
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-34025
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
CWE-ID: CWE-259
Common Platform Enumerations (CPE): Not Found