Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for June 12-13, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database (NVD) between June 12-13, 2024.
During this period, the NVD published 124 new Common Vulnerabilities and Exposures (CVEs), classified by base severity as follows:

Critical: 4
High: 15
Medium: 61
Low: 4
Severity Not Assigned: 40

Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the 19 Critical and High severity vulnerabilities that demand immediate attention.

1. CVE-2024-4315
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's confidentiality (read) and availability (delete).
References: https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6
https://huntr.com/bounties/8a1b0197-2c36-4276-b92b-630a2a9bb09c

CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-5543
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/slideshow-gallery/trunk/slideshow-gallery.php#L620
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3100785%40slideshow-gallery%2Ftrunk&old=3098970%40slideshow-gallery%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/5edd72d9-3086-4f4f-ae5b-830c8621b83a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-2698
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case to the check_allowed_to_delegate() function: if the target service argument is NULL, the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.

In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulted in this special case applying both when the target service argument is set and when it is unset. As a result, S4U2Proxy requests are accepted regardless of whether or not there is a matching service delegation rule.
References: https://access.redhat.com/errata/RHSA-2024:3754
https://access.redhat.com/errata/RHSA-2024:3755
https://access.redhat.com/errata/RHSA-2024:3757
https://access.redhat.com/errata/RHSA-2024:3759
https://access.redhat.com/security/cve/CVE-2024-2698
https://bugzilla.redhat.com/show_bug.cgi?id=2270353
https://www.freeipa.org/release-notes/4-12-1.html

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
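To make the NULL-target condition concrete, here is an added Python model of the check. It is not FreeIPA or MIT Kerberos code: the rule table, the principal names and the function names are assumptions, and the exact FreeIPA control flow is not reproduced. It shows why a probe answer that is valid when the target service is unset must not be reused when a concrete S4U2Proxy target is being checked.

```python
"""Toy model of the constrained-delegation check described for CVE-2024-2698.

Added illustration, not FreeIPA or MIT Kerberos code. A None target service
means "probe whether the client has any delegation rule at all"; that probe
answer must never stand in for the per-target check of a real S4U2Proxy
request.
"""

# Constructed delegation rules: client service -> target services it may
# impersonate users to (the "service delegation rule" concept in FreeIPA).
DELEGATION_RULES = {
    "HTTP/web.example.test@EXAMPLE.TEST": {"ldap/dir.example.test@EXAMPLE.TEST"},
}


def match_acl_vulnerable(client, target_service, rules=DELEGATION_RULES):
    """Models the mistake: the probe branch runs whether or not a target is
    given, so any client holding at least one rule is accepted for every
    target, listed or not."""
    if client in rules:          # probe logic, wrongly applied unconditionally
        return True
    return target_service is not None and target_service in rules.get(client, set())


def match_acl_fixed(client, target_service, rules=DELEGATION_RULES):
    """Probe only when the target is None; otherwise require a rule that
    names exactly the requested target service."""
    if target_service is None:
        return client in rules
    return target_service in rules.get(client, set())


def s4u2proxy_decision(check, client, target_service):
    """Turn a check function's answer into a KDC-style decision string."""
    return "ACCEPT" if check(client, target_service) else "REJECT"


if __name__ == "__main__":
    web = "HTTP/web.example.test@EXAMPLE.TEST"
    for check in (match_acl_vulnerable, match_acl_fixed):
        print(check.__name__)
        print("  probe (target=None):", s4u2proxy_decision(check, web, None))
        print("  listed target      :", s4u2proxy_decision(check, web, "ldap/dir.example.test@EXAMPLE.TEST"))
        print("  unlisted target    :", s4u2proxy_decision(check, web, "cifs/files.example.test@EXAMPLE.TEST"))
```

The unlisted-target line is the one that matters: the vulnerable model answers ACCEPT, the fixed one REJECT. A post-upgrade check in the same spirit is to confirm the KDC rejects an S4U2Proxy request whose target appears in no service delegation rule (`ipa servicedelegationrule-find` lists them).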

4. CVE-2024-3183
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A vulnerability was found in FreeIPA in the way a Kerberos TGS-REQ is encrypted. The request itself is encrypted using the client's session key, which is different for each new session and therefore protected from brute force attacks. However, the ticket it contains is encrypted using the target principal's key directly. For user principals, this key is a hash of a public, per-principal, randomly generated salt and the user's password.

If a principal is compromised, the attacker is able to retrieve tickets encrypted to any principal, each of them encrypted with that principal's own key directly. By taking these tickets and salts offline, the attacker can run brute force attacks to find character strings that decrypt the tickets when combined with a principal's salt (i.e. recover the principal's password).
References: https://access.redhat.com/errata/RHSA-2024:3754
https://access.redhat.com/errata/RHSA-2024:3755
https://access.redhat.com/errata/RHSA-2024:3756
https://access.redhat.com/errata/RHSA-2024:3757
https://access.redhat.com/errata/RHSA-2024:3758
https://access.redhat.com/errata/RHSA-2024:3759
https://access.redhat.com/errata/RHSA-2024:3760
https://access.redhat.com/errata/RHSA-2024:3761
https://access.redhat.com/errata/RHSA-2024:3775
https://access.redhat.com/security/cve/CVE-2024-3183
https://bugzilla.redhat.com/show_bug.cgi?id=2270685
https://www.freeipa.org/release-notes/4-12-1.html

CWE-ID: CWE-916
Common Platform Enumerations (CPE): Not Found
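The reason the entry above stresses "offline" is worth seeing in code. The following is an added Python model, not FreeIPA or MIT Kerberos code: the key derivation is PBKDF2-HMAC-SHA1 with 4096 iterations, which is the string-to-key step of the Kerberos AES enctypes (RFC 3962) without the final DK() expansion; the ticket sealing is a deliberately simple HMAC-based stream cipher with an integrity tag standing in for the real enctype; and the salt, password, ticket body and wordlist are all constructed for the example.

```python
"""Toy model of the offline attack behind CVE-2024-3183: a ticket sealed
under a password-derived key, plus the public salt, lets an attacker test
password guesses without ever talking to the KDC.

Added illustration, not FreeIPA or MIT Kerberos code (see lead-in).
"""
import hashlib
import hmac
import os

ITERATIONS = 4096   # iteration count RFC 3962 specifies for AES string-to-key
KEY_LEN = 32        # 256-bit key, as for aes256-cts-hmac-sha1-96


def string_to_key(password: str, salt: str) -> bytes:
    """Password plus the public per-principal salt gives the long-term key.
    Simplified: real Kerberos applies a further DK() step to this output."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), ITERATIONS, KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the real enctype's cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_ticket(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag. The tag lets whoever holds the blob
    verify a candidate key offline, just as the checksum in a real ticket does."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def open_ticket(key: bytes, blob: bytes):
    """Plaintext if the key verifies the tag, otherwise None."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def offline_guess(blob: bytes, salt: str, wordlist):
    """The attack the entry describes: each guess costs one string_to_key plus
    one tag check and no KDC round-trip, so rate limiting and account lockout
    never see it. Returns the recovered password or None."""
    for candidate in wordlist:
        if open_ticket(string_to_key(candidate, salt), blob) is not None:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed principal data: the salt is public, the password is not.
    salt = "constructed-public-salt-for-alice"
    ticket = seal_ticket(string_to_key("Winter2024!", salt), b"constructed ticket body for alice")
    print("recovered:", offline_guess(ticket, salt, ["password", "Summer2023", "Winter2024!"]))
```

The cost of the attack is set entirely by password strength and the iteration count, not by anything the KDC can do once the ticket has left it. Any principal whose key is password-derived should therefore be treated as exposed to this the moment a ticket for it leaks; service principals are better off with randomly generated keytab keys, and the FreeIPA updates listed above should be applied.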

5. CVE-2024-5154
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.8
Description: A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
References: https://access.redhat.com/errata/RHSA-2024:3676
https://access.redhat.com/security/cve/CVE-2024-5154
https://bugzilla.redhat.com/show_bug.cgi?id=2280190
https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8

CWE-ID: CWE-668
Common Platform Enumerations (CPE): Not Found

6. CVE-2023-48280
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authorization vulnerability in the Consensu.IO Consensu.Io WordPress plugin. This issue affects Consensu.Io from n/a through 1.0.1.
References: https://patchstack.com/database/vulnerability/consensu-io/wordpress-consensu-io-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-4845
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3098321/email-subscribers
https://www.wordfence.com/threat-intel/vulnerabilities/id/21be2215-8ce0-438e-94e0-6a350b8cc952?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-4898
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts.
References: https://plugins.trac.wordpress.org/browser/instawp-connect/tags/0.1.0.38/includes/class-instawp-rest-api.php#L926
https://www.wordfence.com/threat-intel/vulnerabilities/id/92a00fb4-7b50-43fd-ac04-5d6e29336e9c?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-5211
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in the 'storage' directory, such as internal communication keys and .env secrets. Exploitation of this vulnerability could lead to application compromise, denial of service (DoS) attacks, and unauthorized admin account takeover. The issue stems from improper validation of user-supplied input in the process of setting a custom logo for the app, which can be manipulated to achieve arbitrary file read, deletion, or overwrite, and to execute a DoS attack by deleting critical files required for the application's operation.
References: https://github.com/mintplex-labs/anything-llm/commit/e208074ef4c240fe03e4147ab097ec3b52b97619
https://huntr.com/bounties/38f282cb-7226-435e-9832-2d4a102dad4b

CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found
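Three entries in this digest are the same mistake seen from different angles: a check written for "/" that misses "..\" (CVE-2024-4315), a user-controlled file name that slips past a normalizer (CVE-2024-5211), and a symbolic link inside the tree that a purely lexical check cannot see (CVE-2024-5154). As an added example (not code from lollms, anything-llm or cri-o, and not a reproduction of their fixes), the following Python helper confines a user-supplied relative path to a root directory and closes all three gaps; directory and file names are constructed for the demonstration.

```python
"""Path confinement that survives the three escapes above.

Added illustration; not code from lollms, anything-llm or cri-o.
"""
import os
import posixpath
import tempfile


class PathEscape(ValueError):
    """Raised for any input that would leave the root directory."""


def sanitize_lexically(user_path: str) -> str:
    """Step 1: treat '\\' as a separator on every platform, reject absolute
    and drive-letter paths and any '..' component, and return a clean
    relative POSIX path."""
    unified = user_path.replace("\\", "/")
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        raise PathEscape(f"absolute path not allowed: {user_path!r}")
    parts = [p for p in posixpath.normpath(unified).split("/") if p not in ("", ".")]
    if not parts:
        raise PathEscape("empty path")
    if ".." in parts:
        raise PathEscape(f"traversal component in {user_path!r}")
    return "/".join(parts)


def safe_join(root: str, user_path: str) -> str:
    """Step 2: join, then resolve symlinks and confirm the *real* target is
    still under the real root. normpath alone would happily pass a symlink
    that points at the host's filesystem."""
    rel = sanitize_lexically(user_path)
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, rel))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathEscape(f"{user_path!r} resolves outside {root!r}")
    return candidate


def demo() -> dict:
    """Build a constructed temp tree containing an escaping symlink and record
    which inputs are accepted. Returns {input: 'ok' | 'rejected'}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "personalities"))
        with open(os.path.join(root, "personalities", "p.yaml"), "w") as f:
            f.write("name: demo\n")
        # Symlink inside the tree whose target is the tree's parent directory.
        os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
        for candidate in ["personalities/p.yaml", "..\\..\\secret.txt",
                          "personalities/../../secret.txt", "escape/anything",
                          "/etc/hostname", "C:\\Windows\\win.ini"]:
            try:
                safe_join(root, candidate)
                results[candidate] = "ok"
            except PathEscape:
                results[candidate] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

Two caveats a practitioner would want. The realpath check is still a check-then-use: a process that can swap the symlink between the check and the open can race it, which is why container runtimes prefer resolving inside the root at open time (openat2 with RESOLVE_IN_ROOT on Linux, or a secure-join library) rather than a lexical pre-check. And the demo creates a symlink, so run it on a Unix-like host.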

10. CVE-2024-25949
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability, leading to escalation of privileges.
References: https://www.dell.com/support/kbdoc/en-us/000225922/dsa-2024-087-security-update-for-dell-networking-os10-vulnerability

CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-28964
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Dell Common Event Enabler, version 8.9.10.0 and prior, contains an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged-in user. Exploitation of this issue requires a victim to open a malicious file.
References: https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-34065
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and a `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve third-party tokens. The attack requires user interaction (one click). Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.
References: https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc

CWE-ID: CWE-294 CWE-601
Common Platform Enumerations (CPE): Not Found
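The Strapi chain works because the post-callback redirect target is attacker-controlled and the provider token rides along in that redirect's query string. As an added example (not Strapi code; the allowlist and URLs are constructed), the following Python validator shows the inputs a redirect check must reject before any token-bearing redirect is issued, including the parser-confusing forms that a naive startswith("/") or hostname substring check lets through.

```python
"""Redirect-target validation for an OAuth callback.

Added illustration, not Strapi code. ALLOWED_HOSTS is a constructed allowlist.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.test"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a same-site path or an http(s) URL on an allowlisted host."""
    if not target:
        return False
    # Browsers treat a backslash like a slash here, so "/\\evil" becomes "//evil".
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # A relative path must start with exactly one "/"; "//host" is scheme-relative.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False                        # javascript:, data:, scheme-relative, ...
    # .hostname strips userinfo and port, so "https://good@evil/" yields "evil",
    # and "https:evil" (no authority) yields None; both fail the allowlist.
    return parts.hostname in allowed_hosts


def redirect_after_login(requested: str, fallback: str = "/") -> str:
    """Return the requested target if it is safe, otherwise a fixed fallback."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    for url in ["/dashboard", "https://app.example.test/done", "//evil.example/x",
                "/\\evil.example/x", "https:evil.example", "https://app.example.test@evil.example/",
                "https://app.example.test.evil.example/", "javascript:alert(1)"]:
        print(f"{'safe' if is_safe_redirect(url) else 'blocked':8} {url}")
```

Validating the redirect closes only half of the chain. The other half is that tokens must not travel in URL query parameters at all, since they end up in browser history, Referer headers and server logs; hand the token to the client in a POST body, a short-lived one-time code exchanged server-side, or an HttpOnly cookie instead.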

13. CVE-2024-37300
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow only users from a particular institution. This worked prior to JupyterHub 5.0 because `allow_all` did not take precedence over `identity_provider`. Since JupyterHub 5.0, `allow_all` does take precedence over `identity_provider`: on a hub with the same config, all users are now allowed to log in regardless of `identity_provider`, which is effectively ignored. This is a documented change in JupyterHub 5.0, but is likely to catch many users by surprise. OAuthenticator 16.3.1 fixes the issue for JupyterHub 5.0; earlier JupyterHub versions are not affected. As a workaround, do not upgrade to JupyterHub 5.0 when using `GlobusOAuthenticator` in the prior configuration.
References: https://github.com/jupyterhub/oauthenticator/commit/d1aea05fa89f2beae15ab0fa0b0d071030f79654
https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-gprj-3p75-f996
https://jupyterhub.readthedocs.io/en/stable/howto/upgrading-v5.html#authenticator-allow-all-and-allow-existing-users

CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-5896
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268140.
References: https://github.com/Hefei-Coffee/cve/blob/main/sql12.md
https://vuldb.com/?ctiid.268140
https://vuldb.com/?id.268140
https://vuldb.com/?submit.354925

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
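One lesson the three SQL injection entries share (CVE-2024-5543, CVE-2024-4845 and CVE-2024-5896 all inject through an id-style parameter) is that escaping is the wrong tool for a numeric parameter: escaping a quote only helps when the value sits inside quotes, and an id spliced in bare is injectable with payloads that contain no quote at all. The following Python/SQLite example is added here and is not code from any of the plugins; SQLite has no SLEEP(), so it demonstrates extraction with UNION rather than the time-based technique, and the tables and rows are constructed.

```python
"""Why "insufficient escaping" fails for an unquoted id parameter.

Added illustration using SQLite; not code from any WordPress plugin.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed schema: a content table and a users table worth stealing from."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE slides(id INTEGER PRIMARY KEY, title TEXT, owner TEXT);
        INSERT INTO slides VALUES (1, 'public slide', 'contributor');
        INSERT INTO slides VALUES (2, 'private slide', 'admin');
        CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '$P$constructedhash');
        """
    )
    return con


def escape_quotes(value: str) -> str:
    """The kind of escaping the advisories call insufficient: it neutralizes a
    quote character and does nothing else."""
    return value.replace("'", "''")


def fetch_slide_escaped(con: sqlite3.Connection, user_id: str):
    """Vulnerable: the escaped value is concatenated bare into the statement,
    so "1 UNION SELECT ..." or "0 OR 1=1" pass straight through."""
    sql = f"SELECT id, title FROM slides WHERE id = {escape_quotes(user_id)}"
    return con.execute(sql).fetchall()


def fetch_slide_prepared(con: sqlite3.Connection, user_id: str):
    """Fixed: the value is bound as a parameter. The database receives one
    value, never SQL, and a non-numeric string simply matches no row."""
    return con.execute("SELECT id, title FROM slides WHERE id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    con = build_db()
    for payload in ["1", "0 OR 1=1", "1 UNION SELECT id, pass_hash FROM users"]:
        print(f"payload {payload!r}")
        print("  escaped :", fetch_slide_escaped(con, payload))
        print("  prepared:", fetch_slide_prepared(con, payload))
```

The WordPress equivalent of the fixed function is `$wpdb->prepare()` with a `%d` placeholder, optionally after `absint()` on the input; both reject the payloads above for the same reason the bound SQLite parameter does.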

15. CVE-2024-37036
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-37037
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an authenticated user with access to the device's web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-37038
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device's web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-0865
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf

CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-2747
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf

CWE-ID: CWE-428
Common Platform Enumerations (CPE): Not Found
