In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between July 24-25, 2024.
During this period, The National Vulnerability Database published 85, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 14
Medium: 30
Low: 5
Severity Not Assigned: 33
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-6750
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.
References: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-6753
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-6756
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. An attacker can use CVE-2024-6754 to exploit with subscriber-level access.
References: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-7027
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.
References: https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046
https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-45249
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
References: https://security-advisory.acronis.com/advisories/SEC-6452
CWE-ID: CWE-1393
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-6096
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
References: https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096
CWE-ID: CWE-470
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-6327
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
References: https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
https://www.telerik.com/report-server
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-22443
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-41914
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.8
Description: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-41110
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.
Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.
docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
References: https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
CWE-ID: CWE-187 CWE-444 CWE-863
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-41662
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.
References: https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545
https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-41667
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4.
References: https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8
https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-41672
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content from a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc) even though that doesn't seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0.
References: https://github.com/duckdb/duckdb/commit/c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a
https://github.com/duckdb/duckdb/pull/13133
https://github.com/duckdb/duckdb/security/advisories/GHSA-w2gf-jxc9-pf2q
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-33519
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-41133
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-41134
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-41135
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between July 24-25, 2024.
During this period, The National Vulnerability Database published 85, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 14
Medium: 30
Low: 5
Severity Not Assigned: 33
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-6750
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.
References: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-6753
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-6756
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. An attacker can use CVE-2024-6754 to exploit with subscriber-level access.
References: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-7027
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.
References: https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046
https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-45249
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
References: https://security-advisory.acronis.com/advisories/SEC-6452
CWE-ID: CWE-1393
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-6096
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
References: https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096
CWE-ID: CWE-470
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-6327
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
References: https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
https://www.telerik.com/report-server
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-22443
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-41914
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.8
Description: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-41110
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.
Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.
docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
References: https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
CWE-ID: CWE-187 CWE-444 CWE-863
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-41662
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.
References: https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545
https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-41667
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4.
References: https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8
https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-41672
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content from a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc) even though that doesn't seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0.
References: https://github.com/duckdb/duckdb/commit/c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a
https://github.com/duckdb/duckdb/pull/13133
https://github.com/duckdb/duckdb/security/advisories/GHSA-w2gf-jxc9-pf2q
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-33519
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-41133
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-41134
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-41135
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
References: https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found