In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 07 and 08, 2024.
During this period, the National Vulnerability Database published 188 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 3
High: 50
Medium: 51
Low: 19
Severity Not Assigned: 65
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-22472
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow denial of service and potential remote code execution. This issue affects all versions of the Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 Series Z-Wave devices.
References: https://community.silabs.com/068Vm000004rZwm
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-4186
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is because the default value of 'eb_user_email_verification_key' is empty and the non-empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user ID. This can only be exploited if the 'Email Verification' setting is enabled.
References: https://plugins.trac.wordpress.org/browser/edwiser-bridge/tags/3.0.4/includes/class-eb-user-manager.php#L1571
https://plugins.trac.wordpress.org/changeset/3081961/edwiser-bridge#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-4345
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-4346
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
https://www.wordfence.com/threat-intel/vulnerabilities/id/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-4582
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304.
References: https://file.notion.so/f/f/3f67e7ef-2ba8-446a-9721-f87d0baa1695/fa61d774-823d-4516-8ff3-73c310ff7801/command_injection_submit.py?id=6d18aced-daaa-4e52-a0e8-9d1c5e00acee&table=block&spaceId=3f67e7ef-2ba8-446a-9721-f87d0baa1695&expirationTimestamp=171514800
https://netsecfish.notion.site/Command-Injection-in-Faraday-Technology-GM828x-GM8181-DVR-1bc02d17ee5540a08273da2850e809c4?pvs=4
https://vuldb.com/?ctiid.263304
https://vuldb.com/?id.263304
https://vuldb.com/?submit.324393
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4599
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/denial-service-vulnerability-lan-messenger
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-4537
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain another user's download URL and, through it, that user's purchased ticket.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-4538
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-4600
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the 'set_param.cgi' file.
References: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-29889
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15.
References: https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-31456
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
References: https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26
https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-32663
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).
References: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
https://redmine.openinfosecfoundation.org/issues/6892
https://redmine.openinfosecfoundation.org/issues/6900
CWE-ID: CWE-400 CWE-770
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-34084
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.
References: https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd0d
https://github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-34342
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.5
Description: react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
References: https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6
https://github.com/mozilla/pdf.js/pull/18015
https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq
https://github.com/wojtekmaj/react-pdf/commit/208f28dd47fe38c33ce4bac4205b2b0a0bb207fe
https://github.com/wojtekmaj/react-pdf/commit/671e6eaa2e373e404040c13cc6b668fe39839cad
https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-29207
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An improper certificate validation vulnerability could allow a malicious actor with access to an adjacent network to take control of the system.
Affected Products:
UniFi Connect Application (Version 3.7.9 and earlier)
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
References: https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-27273
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 6.0
Description: The Unix domain datagram socket implementation in IBM AIX 7.2 and 7.3 and VIOS 3.1 and 4.1 could potentially expose applications that use Unix domain datagram sockets with the SO_PEERID operation, and may lead to privilege escalation. IBM X-Force ID: 284903.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/284903
https://www.ibm.com/support/pages/node/7150297
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-34346
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc` and `/dev` on Unix platforms (as well as `/proc` and `/sys` on Linux), and any path starting with `\` on Windows.
References: https://github.com/denoland/deno/security/advisories/GHSA-23rx-c3g5-hv9w
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
18. CVE-2021-34947
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055.
References: https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
19. CVE-2021-34948
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1179/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
20. CVE-2021-34950
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1181/
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
21. CVE-2021-34952
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1183/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
22. CVE-2021-34953
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1184/
CWE-ID: CWE-457
Common Platform Enumerations (CPE): Not Found
23. CVE-2021-34954
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1185/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
24. CVE-2021-34955
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1186/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
25. CVE-2021-34956
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1187/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
26. CVE-2021-34957
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1188/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
27. CVE-2021-34958
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1189/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
28. CVE-2021-34959
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1190/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
29. CVE-2021-34960
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1191/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
30. CVE-2021-34961
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1192/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
31. CVE-2021-34962
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1193/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
32. CVE-2021-34963
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1194/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
33. CVE-2021-34964
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1195/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
34. CVE-2021-34965
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1196/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
35. CVE-2021-34966
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1197/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
36. CVE-2021-34967
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1198/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
37. CVE-2021-34968
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1199/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
38. CVE-2021-34971
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1202/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
39. CVE-2021-34974
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1205/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
40. CVE-2021-34975
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1206/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
41. CVE-2021-34981
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977.
References: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
42. CVE-2021-34982
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709.
References: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
43. CVE-2021-35002
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.
References: https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It
https://www.zerodayinitiative.com/advisories/ZDI-22-002/
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
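The Track-It! entry above says the attachment handler does not validate what it is given before writing it to disk. The following is an added example, not BMC's code, of the check a practitioner would expect at that point: the final extension must be on a short allow-list, the file's leading bytes must agree with that extension, and the stored file gets a server-generated name so nothing from the client's filename reaches a path. The allow-list, the magic-byte table and the naming scheme are assumptions made for this example.

```c
/* Added example, not BMC code: validating an inbound attachment before it is
 * written anywhere the application or web server can reach. The allow-list,
 * the magic-byte table and the storage naming scheme are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct filetype { const char *ext; const unsigned char *magic; size_t magic_len; };

/* Allow-list of the attachment types the helpdesk actually needs, each tied to
 * the bytes a genuine file of that type starts with. Anything else is refused;
 * there is no deny-list of "dangerous" extensions to get wrong. */
static const unsigned char PDF_MAGIC[] = { '%', 'P', 'D', 'F', '-' };
static const unsigned char PNG_MAGIC[] = { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A };
static const unsigned char JPG_MAGIC[] = { 0xFF, 0xD8, 0xFF };
static const struct filetype ALLOWED[] = {
    { "pdf", PDF_MAGIC, sizeof PDF_MAGIC },
    { "png", PNG_MAGIC, sizeof PNG_MAGIC },
    { "jpg", JPG_MAGIC, sizeof JPG_MAGIC },
};

/* Returns the index into ALLOWED when the name's FINAL extension and the file's
 * leading bytes agree on an allowed type, else -1. Double extensions such as
 * report.pdf.aspx fail because only the last one is consulted. */
int attachment_type(const char *filename, const unsigned char *data, size_t len)
{
    if (strpbrk(filename, "/\\")) return -1;                    /* path components in a "name" */
    const char *dot = strrchr(filename, '.');
    if (!dot || dot == filename || dot[1] == '\0') return -1;   /* no usable extension */
    char ext[8];
    size_t n = strlen(dot + 1);
    if (n >= sizeof ext) return -1;
    for (size_t i = 0; i <= n; i++) ext[i] = (char)tolower((unsigned char)dot[1 + i]);
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (strcmp(ext, ALLOWED[i].ext) != 0) continue;
        if (len < ALLOWED[i].magic_len) return -1;
        if (memcmp(data, ALLOWED[i].magic, ALLOWED[i].magic_len) != 0) return -1;  /* extension lies */
        return (int)i;
    }
    return -1;
}

/* Server-chosen storage name: ticket id, sequence number and the ALLOWED
 * extension. Nothing from the client's filename survives into the path, so
 * even a file that passed the checks cannot land as something.aspx. */
int storage_name(unsigned ticket, unsigned seq, int type, char *out, size_t outlen)
{
    if (type < 0) return -1;
    int w = snprintf(out, outlen, "att_%u_%u.%s", ticket, seq, ALLOWED[type].ext);
    return (w > 0 && (size_t)w < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample attachments: a real PDF header and a script body. */
    const unsigned char pdf[] = { '%', 'P', 'D', 'F', '-', '1', '.', '7' };
    const unsigned char script[] = "<% Response.Write(\"x\") %>";
    const char *names[] = { "report.pdf", "report.PDF", "report.aspx", "report.pdf.aspx", "..\\web\\x.pdf" };
    char name[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int t = attachment_type(names[i], pdf, sizeof pdf);
        printf("%-18s with PDF bytes -> type %d", names[i], t);
        if (storage_name(4471, (unsigned)i, t, name, sizeof name) == 0) printf(" stored as %s", name);
        printf("\n");
    }
    printf("report.pdf with script bytes -> type %d\n",
           attachment_type("report.pdf", script, sizeof script - 1));
    return 0;
}
```

The magic-byte check is not a content scanner: an attacker can prepend a PDF header to a script. What stops that from becoming code execution is the server-generated name with an allowed extension, stored outside any directory the web server will interpret, together with the service account having no write access to application directories.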
44. CVE-2022-0369
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-450/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
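The Restore Workspace flaw above is the classic shape of CWE-22: a path supplied by the client is used in file operations without being confined to the directory it was meant for. The following is an added example, not Triangle MicroWorks' code, of the confinement check. The base directory and the function names are assumptions. The check is lexical (it normalises "." and ".." in both separator styles and refuses absolute paths and drive letters), so on a live filesystem the result must still be opened without following symlinks, or resolved with realpath() and the prefix re-checked.

```c
/* Added example, not Triangle MicroWorks code: confining a user-supplied
 * workspace path to a base directory. Names are assumptions. The check is
 * lexical; symlinks inside base are the caller's problem (O_NOFOLLOW / realpath). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARTS 64

/* Returns 0 and writes base/<normalised user_path> to out, or -1 if user_path
 * is absolute, carries a drive letter, climbs above base with "..", or does not fit. */
int safe_join(const char *base, const char *user_path, char *out, size_t outlen)
{
    const char *parts[MAX_PARTS];
    size_t      lens[MAX_PARTS];
    size_t      depth = 0;

    /* Absolute paths in either separator style and drive letters are rejected
     * outright. Any URL/percent decoding must happen BEFORE this check. */
    if (user_path[0] == '/' || user_path[0] == '\\') return -1;
    if (isalpha((unsigned char)user_path[0]) && user_path[1] == ':') return -1;

    for (const char *p = user_path; *p; ) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\') p++;          /* both / and \ separate */
        size_t n = (size_t)(p - start);
        if (*p) p++;
        if (n == 0 || (n == 1 && start[0] == '.')) continue;  /* "" and "." */
        if (n == 2 && start[0] == '.' && start[1] == '.') {   /* ".." */
            if (depth == 0) return -1;                        /* would climb above base */
            depth--;
            continue;
        }
        if (depth == MAX_PARTS) return -1;
        parts[depth] = start;
        lens[depth]  = n;
        depth++;
    }

    size_t used = strlen(base);
    if (used + 1 > outlen) return -1;
    memcpy(out, base, used);
    for (size_t i = 0; i < depth; i++) {
        if (used + 1 + lens[i] + 1 > outlen) return -1;
        out[used++] = '/';
        memcpy(out + used, parts[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    const char *base = "/srv/sdg/workspaces";                   /* assumed base directory */
    const char *tests[] = { "ws1/config.xml", "ws1/../ws2/./a.zip", "../../etc/passwd",
                            "ws1\\..\\..\\Windows\\win.ini", "C:\\Windows\\win.ini", "/etc/passwd" };
    char out[256];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int rc = safe_join(base, tests[i], out, sizeof out);
        printf("%-30s -> %s\n", tests[i], rc == 0 ? out : "REJECTED");
    }
    return 0;
}
```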
45. CVE-2022-43651
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-346/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
46. CVE-2022-43653
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-348/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
47. CVE-2022-43654
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227.
References: https://kb.netgear.com/000065527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Cable-Modem-Routers-PSV-2022-0208
https://www.zerodayinitiative.com/advisories/ZDI-23-214/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
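The CAX30S entry above describes the root cause exactly: a request parameter is used to build a system call without validation. The following is an added example, not NETGEAR's code, of that pattern and of the two changes that remove it. The endpoint, the parameter name and the helper binary it invokes are assumptions modelled on the description; /bin/true stands in for the verifier so the block runs anywhere.

```c
/* Added example, not NETGEAR code: a request parameter reaching a shell, and
 * the two changes that keep it out of one. The parameter name and helper
 * binary are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable: the token is spliced into a command line and handed to /bin/sh.
 * A token of  x;reboot  or  $(id)  runs as the web server's user, which on most
 * consumer routers is root. Shown for contrast; nothing below calls it. */
int verify_token_unsafe(const char *token)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/usr/sbin/sso_verify %s", token);
    return system(cmd);
}

/* Change 1: allow-list the token before it goes anywhere. Accept only a short
 * string of [A-Za-z0-9_-]; do not try to strip or escape metacharacters. */
int token_is_wellformed(const char *token)
{
    size_t n = strlen(token);
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++) {
        char c = token[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '_'))
            return 0;
    }
    return 1;
}

/* Change 2: never go through a shell. execv() takes an argv array, so the token
 * arrives in the helper as one argument whatever bytes it contains.
 * Returns the helper's exit status, or -1 if the token was rejected. */
int verify_token_safe(const char *helper_path, const char *token)
{
    if (!token_is_wellformed(token)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { (char *)helper_path, (char *)token, NULL };
        execv(helper_path, argv);            /* no word splitting, no metacharacters */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* /bin/true stands in for the SSO verifier (an assumption). */
    const char *inputs[] = { "sess_8f3a91", "x;reboot", "$(id)", "a b", "" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-12s wellformed=%d exit=%d\n", inputs[i],
               token_is_wellformed(inputs[i]), verify_token_safe("/bin/true", inputs[i]));
    return 0;
}
```

Either change alone is weaker than it looks: an allow-list protects only the parameters someone remembered to wrap, and an argv-based exec still lets a token such as --config or a long string reach the helper's own argument parser. Applying both, and dropping privileges before the exec where the design allows it, is the usual fix for pre-authentication endpoints like this one.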
48. CVE-2022-43655
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-344/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-27321
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.
References: https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf
https://www.zerodayinitiative.com/advisories/ZDI-23-548/
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
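The ConditionRefresh entry above is a missing limit rather than a memory bug: each unauthenticated request queues work, and nothing caps how much one client may have outstanding. The following is an added example, not OPC Foundation code, of the admission control a server in that position needs: a per-session ceiling that a flooding client hits first, a global ceiling behind it, and release of everything a session holds when it closes. The limits and the session model are assumptions made for this example.

```c
/* Added example, not OPC Foundation code: bounding the work one client can
 * queue. The limits and the session/request model are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS              16
#define MAX_INFLIGHT_PER_SESSION   4   /* outstanding requests one session may hold */
#define MAX_INFLIGHT_TOTAL        32   /* hard ceiling for the whole server */

struct session { unsigned inflight; unsigned rejected; };
struct server  { struct session s[MAX_SESSIONS]; unsigned inflight_total; };

enum { ADMITTED = 0, REJECT_SESSION_LIMIT = -1, REJECT_SERVER_LIMIT = -2, REJECT_BAD_SESSION = -3 };

/* Called when a request arrives, before any work is queued or memory allocated. */
int request_begin(struct server *sv, unsigned sid)
{
    if (sid >= MAX_SESSIONS) return REJECT_BAD_SESSION;
    struct session *s = &sv->s[sid];
    if (s->inflight >= MAX_INFLIGHT_PER_SESSION) { s->rejected++; return REJECT_SESSION_LIMIT; }
    if (sv->inflight_total >= MAX_INFLIGHT_TOTAL)  { s->rejected++; return REJECT_SERVER_LIMIT; }
    s->inflight++;
    sv->inflight_total++;
    return ADMITTED;
}

/* Called when the request completes or times out. */
void request_end(struct server *sv, unsigned sid)
{
    if (sid >= MAX_SESSIONS || sv->s[sid].inflight == 0) return;
    sv->s[sid].inflight--;
    sv->inflight_total--;
}

/* Closing a session releases everything it held, so a client cannot pin
 * server resources by disconnecting mid-flight. Returns the count released. */
unsigned session_close(struct server *sv, unsigned sid)
{
    if (sid >= MAX_SESSIONS) return 0;
    unsigned n = sv->s[sid].inflight;
    sv->inflight_total -= n;
    memset(&sv->s[sid], 0, sizeof sv->s[sid]);
    return n;
}

int main(void)
{
    struct server sv = {0};
    /* One client floods; it hits its own cap long before the server cap. */
    for (int i = 0; i < 8; i++) printf("flood #%d -> %d\n", i, request_begin(&sv, 1));
    /* Other sessions are unaffected. */
    printf("session 2 -> %d\n", request_begin(&sv, 2));
    printf("closing session 1 released %u\n", session_close(&sv, 1));
    printf("in flight total now %u\n", sv.inflight_total);
    return 0;
}
```

The per-session counter is what makes the global ceiling safe to have: without it, one client can fill the global budget and deny every other session, which is the same outage reached by a different route. The rejected counter exists so the rate of refusals per session can be logged and alerted on.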
50. CVE-2023-35748
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076.
References: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
https://www.zerodayinitiative.com/advisories/ZDI-23-1253/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-35749
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077.
References: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
https://www.zerodayinitiative.com/advisories/ZDI-23-1254/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-35757
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085.
References: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
https://www.zerodayinitiative.com/advisories/ZDI-23-1262/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
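Entries 38, 42, 48 and 50 through 52 above share one root cause: a length taken from the input drives a copy into a fixed-length buffer, on the heap (CWE-122) or the stack (CWE-121). The following is an added example, not Foxit, NETGEAR, Bentley or D-Link code, of that pattern beside the bounded version, for both a length-prefixed field and a NUL-terminated one such as a filename or NTP server name. The wire format, field names and sizes are assumptions made for this example.

```c
/* Added example, not Foxit, NETGEAR, Bentley or D-Link code: length not
 * validated before a copy into a fixed-length buffer, beside the bounded
 * version. The record format and sizes are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32

struct record {
    char    name[NAME_MAX];   /* fixed-length: on the stack (CWE-121) or the heap (CWE-122) */
    uint8_t name_len;
};

/* Constructed format: [1 byte name_len][name_len bytes of name] */

/* Vulnerable: the attacker-chosen length byte drives memcpy. A record that
 * declares name_len = 200 writes 168 bytes past the end of 'name' and reads
 * past the end of the input as well. Kept for contrast; nothing below calls
 * it with an oversized record. */
int parse_record_unsafe(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buflen < 1) return -1;
    uint8_t n = buf[0];
    memcpy(out->name, buf + 1, n);            /* no check against sizeof out->name or buflen */
    out->name_len = n;
    return 0;
}

/* Hardened: bound the declared length by BOTH the destination and the bytes
 * actually received, before any copy. */
int parse_record_safe(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buflen < 1) return -1;
    uint8_t n = buf[0];
    if (n >= sizeof out->name) return -1;     /* must leave room for the NUL */
    if ((size_t)n > buflen - 1) return -1;    /* declares more than was sent */
    memcpy(out->name, buf + 1, n);
    out->name[n] = '\0';
    out->name_len = n;
    return 0;
}

/* Same bug class with a NUL-terminated field (the strcpy of a filename or NTP
 * server name into a stack buffer). Bound the scan by the destination size
 * instead of trusting the input to terminate in time. */
int copy_cstring_safe(const char *src, char *dst, size_t dstlen)
{
    const char *nul = memchr(src, '\0', dstlen);   /* never look past dstlen bytes */
    if (nul == NULL) return -1;                    /* longer than dst can hold */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

int main(void)
{
    struct record r;
    const uint8_t good[] = { 5, 'a', 'd', 'm', 'i', 'n' };      /* constructed input */
    uint8_t evil[1 + 8];                                        /* declares 200 bytes, carries 8 */
    evil[0] = 200;
    memset(evil + 1, 'A', 8);

    printf("good -> %d (%s)\n", parse_record_safe(good, sizeof good, &r), r.name);
    printf("evil -> %d (rejected)\n", parse_record_safe(evil, sizeof evil, &r));

    char ntp[16];
    printf("short host -> %d\n", copy_cstring_safe("pool.ntp.org", ntp, sizeof ntp));
    printf("long host  -> %d (rejected)\n",
           copy_cstring_safe("an-ntp-server-name-longer-than-the-buffer", ntp, sizeof ntp));
    return 0;
}
```

The second check in parse_record_safe is the one most often forgotten: a length that fits the destination but exceeds the bytes received turns the overflow into an out-of-bounds read of whatever follows the input in memory.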
53. CVE-2023-40490
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-1190/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
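The Foxit annotation and transitionToState entries (34 through 37, 39 and 40), the Linux CMTP double free (41), and the Bentley and Maxon SKP parsers (45 and 53) all carry the same ZDI phrase: the code does not validate that an object still exists before operating on, or freeing, it. The following is an added example, not Foxit, Linux kernel, Bentley or Maxon code, of the dangling-pointer pattern behind that phrase beside a handle table that performs the existence check. The object names and the handle encoding are assumptions made for this example.

```c
/* Added example, not Foxit, Linux kernel, Bentley or Maxon code: a toy
 * annotation table showing the dangling-pointer pattern behind the
 * use-after-free and double-free entries, beside a handle table that checks
 * an object still exists before touching it. Names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ANNOTS 8

/* The pattern the advisories describe, for contrast (not called below): one
 * code path frees the object while another still holds the raw pointer.
 * Nothing records that the object is gone, so the next read touches freed
 * memory (CWE-416) and a second destroy frees it again (CWE-415). */
struct annot_raw { char *label; };
void raw_destroy(struct annot_raw *a) { free(a->label); }       /* pointer left dangling */
const char *raw_label(struct annot_raw *a) { return a->label; }  /* no existence check */

/* Hardened: callers hold opaque handles, not pointers. A handle encodes the
 * slot index and the slot's generation; destroy bumps the generation, so every
 * handle issued before the destroy stops resolving, even after the slot is reused. */
struct slot {
    int      live;
    unsigned gen;
    char    *label;
};
struct annot_table { struct slot slots[MAX_ANNOTS]; };
typedef long annot_handle;                          /* (index << 16) | (gen & 0xffff), or -1 */

static struct slot *lookup(struct annot_table *t, annot_handle h)
{
    if (h < 0) return NULL;
    unsigned idx = (unsigned)(h >> 16), gen = (unsigned)(h & 0xffff);
    if (idx >= MAX_ANNOTS) return NULL;
    struct slot *s = &t->slots[idx];
    if (!s->live || (s->gen & 0xffff) != gen) return NULL;   /* freed, or a stale generation */
    return s;
}

annot_handle annot_create(struct annot_table *t, const char *label)
{
    for (unsigned i = 0; i < MAX_ANNOTS; i++) {
        struct slot *s = &t->slots[i];
        if (s->live) continue;
        size_t n = strlen(label) + 1;
        s->label = malloc(n);
        if (!s->label) return -1;
        memcpy(s->label, label, n);
        s->live = 1;
        return ((annot_handle)i << 16) | (annot_handle)(s->gen & 0xffff);
    }
    return -1;                                      /* table full */
}

int annot_destroy(struct annot_table *t, annot_handle h)
{
    struct slot *s = lookup(t, h);
    if (!s) return -1;                              /* unknown or already destroyed: no double free */
    free(s->label);
    s->label = NULL;
    s->live = 0;
    s->gen++;                                       /* invalidates every outstanding handle */
    return 0;
}

const char *annot_label(struct annot_table *t, annot_handle h)
{
    struct slot *s = lookup(t, h);
    return s ? s->label : NULL;                     /* NULL rather than a read of freed memory */
}

int main(void)
{
    struct annot_table t = {0};
    annot_handle line = annot_create(&t, "Line");
    printf("label: %s\n", annot_label(&t, line));
    printf("destroy #1: %d\n", annot_destroy(&t, line));
    printf("destroy #2: %d (rejected)\n", annot_destroy(&t, line));
    annot_handle sq = annot_create(&t, "Square");   /* reuses slot 0 with a new generation */
    printf("stale handle resolves to: %s\n", annot_label(&t, line) ? "object" : "NULL");
    printf("new handle: %s\n", annot_label(&t, sq));
    annot_destroy(&t, sq);
    return 0;
}
```

The generation counter is what distinguishes this from a plain "live" flag: once slot 0 is reused for the Square annotation, a flag alone would make the old Line handle resolve to the wrong object, which is exactly the state an exploit for these bugs aims to reach. In a PDF reader the same role is played by reference counts that are taken while a JavaScript callback can run; in the kernel, by reference counts taken under the lock that guards the list the object lives on.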
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 07-08, 2024.
During this period, The National Vulnerability Database published 188, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 50
Medium: 51
Low: 19
Severity Not Assigned: 65
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-22472
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description:
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution
This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2
running on Silicon Labs 500 series Z-wave devices.
References: https://community.silabs.com/068Vm000004rZwm
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-4186
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.
References: https://plugins.trac.wordpress.org/browser/edwiser-bridge/tags/3.0.4/includes/class-eb-user-manager.php#L1571
https://plugins.trac.wordpress.org/changeset/3081961/edwiser-bridge#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-4345
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-4346
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
https://www.wordfence.com/threat-intel/vulnerabilities/id/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-4582
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304.
References: https://file.notion.so/f/f/3f67e7ef-2ba8-446a-9721-f87d0baa1695/fa61d774-823d-4516-8ff3-73c310ff7801/command_injection_submit.py?id=6d18aced-daaa-4e52-a0e8-9d1c5e00acee&table=block&spaceId=3f67e7ef-2ba8-446a-9721-f87d0baa1695&expirationTimestamp=171514800
https://netsecfish.notion.site/Command-Injection-in-Faraday-Technology-GM828x-GM8181-DVR-1bc02d17ee5540a08273da2850e809c4?pvs=4
https://vuldb.com/?ctiid.263304
https://vuldb.com/?id.263304
https://vuldb.com/?submit.324393
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4599
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/denial-service-vulnerability-lan-messenger
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-4537
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-4538
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-4600
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file.
References: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-29889
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.
References: https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-31456
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
References: https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26
https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-32663
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).
References: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
https://redmine.openinfosecfoundation.org/issues/6892
https://redmine.openinfosecfoundation.org/issues/6900
CWE-ID: CWE-400 CWE-770
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-34084
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.
References: https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd0d
https://github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-34342
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.5
Description: react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
References: https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6
https://github.com/mozilla/pdf.js/pull/18015
https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq
https://github.com/wojtekmaj/react-pdf/commit/208f28dd47fe38c33ce4bac4205b2b0a0bb207fe
https://github.com/wojtekmaj/react-pdf/commit/671e6eaa2e373e404040c13cc6b668fe39839cad
https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-29207
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system.
Affected Products:
UniFi Connect Application (Version 3.7.9 and earlier)
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
References: https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-27273
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 6.0
Description: IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/284903
https://www.ibm.com/support/pages/node/7150297
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-34346
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that these access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on unix platform (as well as `/proc` and `/sys` on linux platforms), and any path starting with `\` on Windows.
References: https://github.com/denoland/deno/security/advisories/GHSA-23rx-c3g5-hv9w
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
18. CVE-2021-34947
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13055.
References: https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
19. CVE-2021-34948
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1179/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
20. CVE-2021-34950
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1181/
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
21. CVE-2021-34952
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1183/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
22. CVE-2021-34953
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1184/
CWE-ID: CWE-457
Common Platform Enumerations (CPE): Not Found
23. CVE-2021-34954
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1185/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
24. CVE-2021-34955
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1186/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
25. CVE-2021-34956
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1187/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
26. CVE-2021-34957
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1188/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
27. CVE-2021-34958
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1189/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
28. CVE-2021-34959
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1190/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
29. CVE-2021-34960
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1191/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
30. CVE-2021-34961
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1192/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
31. CVE-2021-34962
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1193/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
32. CVE-2021-34963
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1194/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
33. CVE-2021-34964
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1195/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
34. CVE-2021-34965
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1196/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
35. CVE-2021-34966
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1197/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
36. CVE-2021-34967
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1198/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
37. CVE-2021-34968
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1199/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
38. CVE-2021-34971
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1202/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
39. CVE-2021-34974
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1205/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
40. CVE-2021-34975
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218.
References: https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1206/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
41. CVE-2021-34981
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977.
References: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
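The Foxit annotation entries above (items 19 through 40) and the CMTP entry (item 41) share one root cause in the ZDI wording: an operation is performed, or a free is repeated, on an object whose existence was never verified. The following is an added example, written for this digest and not code from Foxit, the Linux kernel or ZDI, of the standard defence: callers hold generation-checked handles instead of raw pointers, so a stale handle is rejected before the object is touched or freed a second time. The object layout, table size and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_OBJECTS 16

/* Hypothetical object type standing in for a PDF annotation or a kernel
 * session object; the fields are illustrative only. */
typedef struct {
    char subtype[16];
    int rect[4];
} annot_t;

typedef struct {
    annot_t *obj;        /* NULL while the slot is free */
    uint16_t generation; /* bumped on every destroy, never 0 once used */
} slot_t;

static slot_t table[MAX_OBJECTS];

/* A handle packs (generation << 16 | index). Handle 0 is never valid. */
static uint32_t make_handle(uint16_t index, uint16_t gen) {
    return ((uint32_t)gen << 16) | index;
}

/* The existence check every operation goes through: returns the live object
 * for h, or NULL if the slot is empty, out of range, or has been recycled
 * since h was issued. */
annot_t *annot_lookup(uint32_t h) {
    uint16_t index = (uint16_t)(h & 0xffffu);
    uint16_t gen = (uint16_t)(h >> 16);
    if (index >= MAX_OBJECTS) return NULL;
    if (table[index].obj == NULL || table[index].generation != gen) return NULL;
    return table[index].obj;
}

uint32_t annot_create(const char *subtype) {
    for (uint16_t i = 0; i < MAX_OBJECTS; i++) {
        if (table[i].obj != NULL) continue;
        annot_t *a = calloc(1, sizeof *a);
        if (a == NULL) return 0;
        snprintf(a->subtype, sizeof a->subtype, "%s", subtype);
        if (table[i].generation == 0) table[i].generation = 1;
        table[i].obj = a;
        return make_handle(i, table[i].generation);
    }
    return 0;   /* table full */
}

/* Frees the object exactly once. A second call with the same handle returns
 * -1 instead of freeing again, because the generation no longer matches. */
int annot_destroy(uint32_t h) {
    annot_t *a = annot_lookup(h);
    if (a == NULL) return -1;
    uint16_t index = (uint16_t)(h & 0xffffu);
    free(a);
    table[index].obj = NULL;
    table[index].generation++;
    if (table[index].generation == 0) table[index].generation = 1;
    return 0;
}

/* A representative operation: refuses to touch an object that no longer exists. */
int annot_set_rect(uint32_t h, int x0, int y0, int x1, int y1) {
    annot_t *a = annot_lookup(h);
    if (a == NULL) return -1;
    a->rect[0] = x0; a->rect[1] = y0; a->rect[2] = x1; a->rect[3] = y1;
    return 0;
}

int main(void) {
    uint32_t h = annot_create("Square");
    printf("set_rect on live handle   -> %d\n", annot_set_rect(h, 0, 0, 10, 10));
    printf("first destroy             -> %d\n", annot_destroy(h));
    printf("set_rect on stale handle  -> %d (use-after-free refused)\n", annot_set_rect(h, 1, 1, 2, 2));
    printf("second destroy            -> %d (double free refused)\n", annot_destroy(h));
    uint32_t h2 = annot_create("Circle");   /* reuses slot 0 with a new generation */
    printf("old handle after slot reuse -> %s\n", annot_lookup(h) ? "LIVE (bug)" : "rejected");
    annot_destroy(h2);
    return 0;
}
```

The generation counter is what makes slot reuse safe: after the first object is destroyed and the slot is handed to a new one, the old handle still fails the lookup, which is exactly the case a raw pointer cannot detect.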
42. CVE-2021-34982
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709.
References: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
43. CVE-2021-35002
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.
References: https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It
https://www.zerodayinitiative.com/advisories/ZDI-22-002/
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
44. CVE-2022-0369
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-450/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
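The Restore Workspace entry above describes a user-supplied path used in file operations without validation. As an added example for this digest, not Triangle MicroWorks' code, here is the lexical check a restore handler needs before it opens anything: refuse absolute and drive-rooted paths and any ".." component, then join the cleaned remainder under a fixed base directory. The base directory and function name are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Builds base + "/" + cleaned(user_path) into out. Returns 0 on success, -1
 * if the user path is absolute, drive-rooted, contains a ".." component,
 * cleans down to nothing, or does not fit. Purely lexical: it never touches
 * the filesystem, so it must run on the fully decoded path (after any URL or
 * archive-entry decoding), and symlinks inside base are a separate concern. */
int safe_join(const char *base, const char *user_path, char *out, size_t out_cap) {
    if (base == NULL || user_path == NULL || user_path[0] == '\0') return -1;
    if (user_path[0] == '/' || user_path[0] == '\\') return -1;              /* absolute / UNC */
    if (isalpha((unsigned char)user_path[0]) && user_path[1] == ':') return -1; /* C:... */

    int n = snprintf(out, out_cap, "%s", base);
    if (n < 0 || (size_t)n >= out_cap) return -1;
    size_t pos = (size_t)n;

    const char *p = user_path;
    while (*p != '\0') {
        const char *start = p;
        while (*p != '\0' && *p != '/' && *p != '\\') p++;
        size_t len = (size_t)(p - start);
        if (*p != '\0') p++;                                        /* consume separator */
        if (len == 0 || (len == 1 && start[0] == '.')) continue;    /* "" and "." */
        if (len == 2 && start[0] == '.' && start[1] == '.') return -1; /* parent reference */
        if (pos + 1 + len + 1 > out_cap) return -1;                 /* "/" + name + NUL */
        out[pos++] = '/';
        memcpy(out + pos, start, len);
        pos += len;
        out[pos] = '\0';
    }
    return pos == (size_t)n ? -1 : 0;    /* reject paths that clean to nothing */
}

int main(void) {
    const char *base = "/srv/sdg/workspaces";    /* hypothetical base directory */
    const char *inputs[] = { "proj1/config.xml", "../../etc/passwd",
                             "proj1/../../etc/passwd", "..\\..\\Windows\\win.ini",
                             "C:\\Windows\\win.ini", "/etc/passwd", "./", "a//./b\\c.txt" };
    char out[256];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = safe_join(base, inputs[i], out, sizeof out);
        printf("%-28s -> %s\n", inputs[i], rc == 0 ? out : "REJECTED");
    }
    return 0;
}
```

Splitting on both separators matters on Windows-hosted services such as the one in this entry, since a check that only looks for "../" is bypassed by "..\". Rejecting ".." outright, rather than trying to resolve it, keeps the function small enough to audit and avoids the "proj1/../../" style of bypass.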
45. CVE-2022-43651
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-346/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
46. CVE-2022-43653
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-348/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
47. CVE-2022-43654
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227.
References: https://kb.netgear.com/000065527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Cable-Modem-Routers-PSV-2022-0208
https://www.zerodayinitiative.com/advisories/ZDI-23-214/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
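The CAX30S entry above is the classic CWE-78 shape: a request parameter is placed into a string that is handed to a system call without validation. The following is an added example for this digest, not NETGEAR's code, contrasting that pattern with the two fixes a practitioner applies together: an allowlist on the parameter and an argv-style exec that never involves a shell. The helper binary path, token format and limits are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define VERIFIER_PATH "/usr/local/bin/sso-verify"   /* hypothetical helper binary */
#define TOKEN_MIN 16
#define TOKEN_MAX 64

/* Allowlist: a token is base64url-style text, nothing else. Shell
 * metacharacters (; | & ` $ ( ) quotes, whitespace, newlines) never pass. */
int token_is_valid(const char *t) {
    if (t == NULL) return 0;
    size_t n = strlen(t);
    if (n < TOKEN_MIN || n > TOKEN_MAX) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)t[i];
        if (!isalnum(c) && c != '-' && c != '_') return 0;
    }
    return 1;
}

/* Vulnerable pattern (contrast only, never pass this to system()/popen()):
 * the token is pasted into a line a shell will parse, so "x;reboot" becomes
 * two commands and "$(id)" is expanded. */
int build_shell_command_unsafe(char *cmd, size_t cap, const char *token) {
    int n = snprintf(cmd, cap, "%s --token=%s", VERIFIER_PATH, token);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened pattern: validate, then pass the token as a single argv element
 * for execv(). No shell parses it, so metacharacters carry no meaning even
 * if the allowlist were ever loosened. argv must have room for 3 pointers. */
int build_verifier_argv(const char *token, char *arg_buf, size_t arg_cap, const char *argv[3]) {
    if (!token_is_valid(token)) return -1;
    int n = snprintf(arg_buf, arg_cap, "--token=%s", token);
    if (n < 0 || (size_t)n >= arg_cap) return -1;
    argv[0] = VERIFIER_PATH;
    argv[1] = arg_buf;
    argv[2] = NULL;
    return 0;
}

int main(void) {
    const char *tokens[] = { "a1B2c3D4e5F6g7H8", "a1B2c3D4e5F6g7H8;reboot", "x$(id)yyyyyyyyyyyyy" };
    char cmd[256], arg[128];
    const char *argv[3];
    for (size_t i = 0; i < 3; i++) {
        build_shell_command_unsafe(cmd, sizeof cmd, tokens[i]);
        int rc = build_verifier_argv(tokens[i], arg, sizeof arg, argv);
        printf("token %-26s shell line: %-60s argv: %s\n", tokens[i], cmd,
               rc == 0 ? argv[1] : "REJECTED");
    }
    /* In a real handler the accepted argv goes to fork() + execv(argv[0], (char *const *)argv). */
    return 0;
}
```

Either measure alone is weaker than both: the allowlist stops today's payload, and the argv exec means a future change to the allowed character set cannot silently reintroduce the injection.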
48. CVE-2022-43655
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-344/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-27321
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.
References: https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf
https://www.zerodayinitiative.com/advisories/ZDI-23-548/
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
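The OPC UA entry above is a resource-exhaustion flaw: an unauthenticated client can keep sending ConditionRefresh requests until the server has nothing left. As an added example for this digest, not the OPC Foundation's code, here is the admission control a server applies to such requests: a cap on outstanding work per session and a cap across the whole server, released as each request completes. The limits, table size and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SESSIONS 8
#define PER_SESSION_LIMIT 4   /* hypothetical: outstanding refreshes one session may hold */
#define GLOBAL_LIMIT 16       /* hypothetical: outstanding refreshes across the whole server */

typedef struct {
    uint32_t session_id;      /* 0 = unused slot */
    unsigned outstanding;
} session_quota_t;

static session_quota_t quotas[MAX_SESSIONS];
static unsigned global_outstanding;

static session_quota_t *quota_find(uint32_t sid) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (quotas[i].session_id == sid) return &quotas[i];
    return NULL;
}

static session_quota_t *quota_find_or_add(uint32_t sid) {
    session_quota_t *q = quota_find(sid);
    if (q != NULL) return q;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (quotas[i].outstanding == 0) {        /* an idle slot can be recycled */
            quotas[i].session_id = sid;
            return &quotas[i];
        }
    }
    return NULL;
}

/* Admission check for an incoming refresh. Returns 0 if the request may be
 * queued, -1 if the session or the server is already at its limit. The
 * caller must pair every accepted request with refresh_complete(). */
int refresh_admit(uint32_t sid) {
    if (sid == 0) return -1;
    session_quota_t *q = quota_find_or_add(sid);
    if (q == NULL) return -1;                     /* no slot: treat as over limit */
    if (q->outstanding >= PER_SESSION_LIMIT) return -1;
    if (global_outstanding >= GLOBAL_LIMIT) return -1;
    q->outstanding++;
    global_outstanding++;
    return 0;
}

/* Releases one slot when the refresh finishes (or its session is closed). */
int refresh_complete(uint32_t sid) {
    session_quota_t *q = quota_find(sid);
    if (q == NULL || q->outstanding == 0) return -1;
    q->outstanding--;
    global_outstanding--;
    return 0;
}

unsigned refresh_outstanding(uint32_t sid) {
    session_quota_t *q = quota_find(sid);
    return q ? q->outstanding : 0;
}

int main(void) {
    /* one session floods: the fifth request is refused, other sessions are unaffected */
    for (int i = 0; i < 6; i++)
        printf("session 1 request %d -> %s\n", i + 1, refresh_admit(1) == 0 ? "accepted" : "REJECTED");
    printf("session 2 request 1 -> %s\n", refresh_admit(2) == 0 ? "accepted" : "REJECTED");
    refresh_complete(1);
    printf("session 1 after one completes -> %s\n", refresh_admit(1) == 0 ? "accepted" : "REJECTED");
    return 0;
}
```

The per-session cap is what keeps one flooding client from starving the others; the global cap is what keeps many clients, or one client opening many sessions, from exhausting the server. Rejecting at admission, before any work is queued, is the point: counting requests after they have been accepted does not help.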
50. CVE-2023-35748
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076.
References: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
https://www.zerodayinitiative.com/advisories/ZDI-23-1253/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-35749
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077.
References: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
https://www.zerodayinitiative.com/advisories/ZDI-23-1254/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-35757
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085.
References: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
https://www.zerodayinitiative.com/advisories/ZDI-23-1262/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
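The three DAP-2622 DDP entries above, the NETGEAR httpd entry (item 42), the Foxit JPG2000 entry (item 38) and the Bentley FBX entry (item 48) all describe the same defect: an attacker-controlled length is used to copy data into a fixed-size buffer without being compared to the buffer's capacity. The following is an added example for this digest, not any vendor's code, showing the unchecked copy beside the checked one inside a parser for a small constructed request format. The message layout, field sizes and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request layout with fixed-size fields, like the ones a
 * firmware-upgrade or config handler keeps on the stack. */
#define ADDR_CAP 40     /* longest textual IPv6 address is 39 chars + NUL */
#define FNAME_CAP 64

typedef struct {
    char server_addr[ADDR_CAP];
    char filename[FNAME_CAP];
} upgrade_req_t;

/* Vulnerable pattern (contrast only): the attacker-chosen length is trusted,
 * so a 200-byte field overruns a 40-byte destination and whatever follows it. */
void copy_field_unchecked(char *dst, const uint8_t *src, size_t len) {
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Hardened pattern: the destination capacity travels with the pointer and the
 * length is checked (leaving room for the terminator) before any byte moves. */
int copy_field_checked(char *dst, size_t dst_cap, const uint8_t *src, size_t len) {
    if (dst_cap == 0 || len >= dst_cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed wire format for this example (not any vendor's protocol):
 *   [L1][server address, L1 bytes][L2][filename, L2 bytes]
 * Both length bytes are attacker-controlled and must be checked against the
 * bytes actually present AND against the destination field. */
int parse_upgrade_request(const uint8_t *msg, size_t msg_len, upgrade_req_t *out) {
    size_t off = 0;
    if (msg_len < 1) return -1;
    size_t l1 = msg[off++];
    if (l1 > msg_len - off) return -1;                     /* claims more than was sent */
    if (copy_field_checked(out->server_addr, sizeof out->server_addr, msg + off, l1)) return -1;
    off += l1;
    if (off >= msg_len) return -1;                          /* no length byte for field 2 */
    size_t l2 = msg[off++];
    if (l2 > msg_len - off) return -1;
    if (copy_field_checked(out->filename, sizeof out->filename, msg + off, l2)) return -1;
    return 0;
}

/* Encoder used to build sample messages, including oversized ones. */
size_t build_upgrade_request(uint8_t *buf, size_t cap, const char *addr, const char *fname) {
    size_t la = strlen(addr), lf = strlen(fname);
    if (la > 255 || lf > 255 || cap < 2 + la + lf) return 0;
    buf[0] = (uint8_t)la;
    memcpy(buf + 1, addr, la);
    buf[1 + la] = (uint8_t)lf;
    memcpy(buf + 2 + la, fname, lf);
    return 2 + la + lf;
}

int main(void) {
    uint8_t msg[600];
    upgrade_req_t req;
    char big[201];
    memset(big, 'A', 200); big[200] = '\0';

    size_t n = build_upgrade_request(msg, sizeof msg, "2001:db8::1", "fw-1.2.3.bin");
    printf("well-formed request  -> %d (%s, %s)\n", parse_upgrade_request(msg, n, &req), req.server_addr, req.filename);
    n = build_upgrade_request(msg, sizeof msg, big, "fw.bin");
    printf("200-byte address     -> %d (rejected before copying)\n", parse_upgrade_request(msg, n, &req));
    uint8_t truncated[3] = { 10, 'a', 'b' };
    printf("length > bytes sent  -> %d\n", parse_upgrade_request(truncated, sizeof truncated, &req));
    /* the unchecked copy is only safe here because this input is short: */
    copy_field_unchecked(req.filename, (const uint8_t *)"ok.bin", 6);
    printf("unchecked copy of a short field -> %s\n", req.filename);
    return 0;
}
```

Two separate checks are needed and they are easy to conflate: one against the bytes actually received (otherwise the parser reads past the message, the out-of-bounds read case) and one against the destination capacity (otherwise it writes past the buffer, the overflow case). The boundary is also worth testing explicitly: a 39-byte address fits the 40-byte field with its terminator, a 40-byte one does not.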
53. CVE-2023-40490
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438.
References: https://www.zerodayinitiative.com/advisories/ZDI-23-1190/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found