Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for May 16-17, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 16 and 17, 2024.
During this period, the National Vulnerability Database published 222 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 12
High: 65
Medium: 113
Low: 13
Severity Not Assigned: 19

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-4920
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264455.
References: https://github.com/CveSecLook/cve/issues/27
https://vuldb.com/?ctiid.264455
https://vuldb.com/?id.264455
https://vuldb.com/?submit.333477

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-3750
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions.
References: https://plugins.trac.wordpress.org/browser/visualizer/trunk/classes/Visualizer/Module/Chart.php#L1421
https://plugins.trac.wordpress.org/changeset/3086048/visualizer/tags/3.11.0/classes/Visualizer/Module/Chart.php
https://plugins.trac.wordpress.org/changeset/3086048/visualizer/tags/3.11.0/classes/Visualizer/Source/Query.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d27544c-97a5-42cd-ab07-358f819acbc4?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-4318
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4456
https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4575
https://plugins.trac.wordpress.org/changeset/3086489/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-4844
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.
References: https://thrive.trellix.com/s/article/000013505

CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-4966
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264534 is the identifier assigned to this vulnerability.
References: https://github.com/CveSecLook/cve/issues/30
https://vuldb.com/?ctiid.264534
https://vuldb.com/?id.264534
https://vuldb.com/?submit.334216

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-20791
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb24-30.html

CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-20792
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb24-30.html

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-2358
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui.
References: https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-2361
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, where the application fails to properly sanitize the `file://` protocol and other inputs, leading to arbitrary read and upload capabilities. Attackers can exploit this vulnerability by manipulating the `path` and `variant_name` parameters to achieve path traversal, allowing for the reading of arbitrary files and uploading files to arbitrary locations on the server. This vulnerability affects the latest version of parisneo/lollms-webui.
References: https://huntr.com/bounties/cd383817-924a-445a-838e-d0c867c6a176

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-2366
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing an attacker to exploit path traversal to navigate to arbitrary directories. By manipulating the binding_path to point to a controlled directory and uploading a malicious __init__.py file, an attacker can execute arbitrary code on the server.
References: https://huntr.com/bounties/63266c77-408b-45ff-962c-8163db50a864

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-30274
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-30275
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/aero/apsb24-33.html

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-30282
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/animate/apsb24-36.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-30293
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/animate/apsb24-36.html

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-30294
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/animate/apsb24-36.html

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-30295
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/animate/apsb24-36.html

CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-30296
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/animate/apsb24-36.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-30297
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/animate/apsb24-36.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-30307
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-3126
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utilizes 'subprocess.Popen' to execute a command constructed with a Python f-string, without adequately sanitizing the 'xtts_base_url' input. This flaw allows attackers to execute arbitrary commands remotely by manipulating the 'xtts_base_url' parameter. The vulnerability affects versions up to and including the latest version before 9.5. Successful exploitation could lead to arbitrary remote code execution (RCE) on the system where the application is deployed.
References: https://github.com/parisneo/lollms-webui/commit/41dbb1b3f2e78ea276e5269544e50514252c0c25
https://huntr.com/bounties/0e2bec70-826e-4c24-8015-31921e23fd12

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-3403
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI to retrieve or disclose the contents of any file on the system. This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files.
References: https://huntr.com/bounties/7431d1dd-f014-4d4f-acb6-f97369ef3688

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-3435
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by sending specially crafted JSON payloads. This could lead to remote code execution (RCE) by bypassing existing patches designed to mitigate such vulnerabilities.
References: https://github.com/parisneo/lollms-webui/commit/bb99b59e710d00c4f2598faa5e183fa30fbd3bc2
https://huntr.com/bounties/494f349a-8650-4d30-a0bd-4742fda44ce5

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-3848
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
References: https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8
https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found

24. CVE-2024-4078
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed.
References: https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f
https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

25. CVE-2024-4181
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
References: https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba
https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

26. CVE-2024-4223
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.
References: https://plugins.trac.wordpress.org/changeset/3086489/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

27. CVE-2024-4321
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests and manipulating the 'name' parameter to specify arbitrary file paths. This allows the attacker to read sensitive files on the server, leading to information leakage, including API keys and private information. The issue affects version 20240310 of the application.
References: https://huntr.com/bounties/19a16f8e-3d92-498f-abc9-8686005f067e

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

28. CVE-2024-4322
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improper handling of user-supplied input in the `list_personalities` function, where the `category` parameter can be controlled to specify arbitrary directories for listing. Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure.
References: https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found

29. CVE-2024-4326
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5.
References: https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e
https://huntr.com/bounties/2ab9f03d-0538-4317-be21-0748a079cbdd

CWE-ID: CWE-15
Common Platform Enumerations (CPE): Not Found

30. CVE-2024-4642
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to access internal HTTP(s) servers. In severe cases, such as on AWS instances, this could potentially be abused to achieve remote code execution on the victim's machine. The vulnerability is present in the latest version of the repository.
References: https://huntr.com/bounties/055eb540-57f8-46d6-b858-3a9e22d347d9

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

31. CVE-2024-4222
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
References: https://www.themeum.com/product/tutor-lms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/942fffb6-2719-4b70-9759-21b2d50002c5?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

32. CVE-2024-4351
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.
References: https://www.themeum.com/product/tutor-lms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

33. CVE-2024-4352
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://www.themeum.com/product/tutor-lms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/c647beda-cf73-4372-975f-a8c8ed05217f?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

34. CVE-2024-4838
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://www.convertplug.com/plus/
https://www.wordfence.com/threat-intel/vulnerabilities/id/16f5a104-dce0-4249-91b9-67f99cce16d3?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

35. CVE-2024-30288
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

36. CVE-2024-30289
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

37. CVE-2024-30290
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

38. CVE-2024-30291
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

39. CVE-2024-30292
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

40. CVE-2024-30314
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.
References: https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

41. CVE-2024-4826
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-simple-php-shopping-cart

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

42. CVE-2024-4991
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-siadmin

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

43. CVE-2024-4992
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-siadmin

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

44. CVE-2024-20326
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.

This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

45. CVE-2024-20389
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.

This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found

46. CVE-2024-35187
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remain protected in case of a successful attack. stalwart-mail runs as a separate user, but it can give itself full privileges again in a simple way, so this protection is practically ineffective. Server admins who handed out the admin credentials to the mail server, but didn't want to hand out complete root access to the system, as well as any attacked user when the attackers gained Arbitrary Code Execution using another vulnerability, may be vulnerable. Version 0.8.0 contains a patch for the issue.
References: https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-rwp5-f854-ppg6

CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found

47. CVE-2024-4956
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
References: https://support.sonatype.com/hc/en-us/articles/29416509323923

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

48. CVE-2024-27260
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/283985
https://www.ibm.com/support/pages/node/7152543

CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found

49. CVE-2024-1417
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an adversary with local access to execute code under the context of the AuthPoint Password Manager application.
This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.
References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

50. CVE-2024-3286
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.
References: https://iknow.lenovo.com.cn/detail/421500
https://www.lenovoimage.com/psirt/notice/158605.html

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

51. CVE-2024-4733
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3087047%40shiftcontroller%2Ftrunk&old=3080165%40shiftcontroller%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/9c8ab916-240d-43c3-92d4-7efd75862a5e?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

52. CVE-2022-37341
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 5.8
Description: Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

53. CVE-2022-37410
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00916.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

54. CVE-2023-24460
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html

CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found

55. CVE-2023-27504
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 5.8
Description: Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html

CWE-ID: CWE-92
Common Platform Enumerations (CPE): Not Found

56. CVE-2023-28402
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 5.8
Description: Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

57. CVE-2023-38581
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found

58. CVE-2023-38654
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

59. CVE-2023-40070
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

60. CVE-2023-40071
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

61. CVE-2023-41092
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html

CWE-ID: CWE-252
Common Platform Enumerations (CPE): Not Found

62. CVE-2023-42773
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

CWE-ID: CWE-707
Common Platform Enumerations (CPE): Not Found

63. CVE-2023-43629
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html

CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found

64. CVE-2023-43748
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

65. CVE-2023-45217
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

66. CVE-2023-45745
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 5.8
Description: Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

67. CVE-2023-46689
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

CWE-ID: CWE-707
Common Platform Enumerations (CPE): Not Found

68. CVE-2023-46691
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 5.8
Description: Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

69. CVE-2024-21813
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 5.8
Description: Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html

CWE-ID: CWE-668
Common Platform Enumerations (CPE): Not Found

70. CVE-2024-21864
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 6.0
Description: Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html

CWE-ID: CWE-86
Common Platform Enumerations (CPE): Not Found

71. CVE-2024-22095
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description: Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

72. CVE-2024-22382
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

73. CVE-2024-22476
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

74. CVE-2024-23487
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

75. CVE-2024-23980
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html

CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found

76. CVE-2024-24981
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

77. CVE-2024-30060
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Azure Monitor Agent Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30060

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found
