In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between septiembre 17-18, 2024.
During this period, The National Vulnerability Database published 181, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 9
High: 37
Medium: 40
Low: 0
Severity Not Assigned: 95
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-27869
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.
References: https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-27874
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.
References: https://support.apple.com/en-us/121250
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-27876
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References: https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
CWE-ID: CWE-362
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-27879
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.
References: https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121250
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-40841
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References: https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121247
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-40852
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.
References: https://support.apple.com/en-us/121250
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-40861
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
References: https://support.apple.com/en-us/121238
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-44132
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References: https://support.apple.com/en-us/121238
CWE-ID: CWE-61
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-44147
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
References: https://support.apple.com/en-us/121250
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-44160
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
References: https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121247
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-44169
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.
References: https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-45496
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.
References: https://access.redhat.com/security/cve/CVE-2024-45496
https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-7387
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
References: https://access.redhat.com/security/cve/CVE-2024-7387
https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-8110
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.
If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.
If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable.
References: https://web-material3.yokogawa.com/1/36276/files/YSAR-24-0003-E.pdf
CWE-ID: CWE-252
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-8490
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://plugins.trac.wordpress.org/browser/propertyhive/tags/2.0.19/includes/class-ph-ajax.php#L1089
https://plugins.trac.wordpress.org/browser/propertyhive/tags/2.0.19/includes/class-ph-ajax.php#L976
https://plugins.trac.wordpress.org/changeset/3152548/
https://www.wordfence.com/threat-intel/vulnerabilities/id/17c06c83-6707-4233-a1c3-ef4cdcf93982?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-8761
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
References: https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.03/assets/js/sti.js#L693
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.03/includes/class-sti-shortlink.php#L64
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.03/includes/class-sti-shortlink.php#L74
https://plugins.trac.wordpress.org/changeset/3152564/
https://wordpress.org/plugins/share-this-image/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=cve
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-8767
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
References: https://security-advisory.acronis.com/advisories/SEC-4976
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-46085
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
References: https://github.com/RainingSEC/cms/tree/main/11/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-46362
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
References: https://github.com/ohuquq/cms/tree/main/13/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
20. CVE-2021-27915
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.5
Description: Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
References: https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
CWE-ID: CWE-80
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-21743
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.
References: https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-3-2-5-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-22303
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
References: https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-3-2-4-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
23. CVE-2021-27916
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
References: https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-7788
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
References: https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-8768
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
References: https://access.redhat.com/security/cve/CVE-2024-8768
https://bugzilla.redhat.com/show_bug.cgi?id=2311895
https://github.com/vllm-project/vllm/issues/7632
https://github.com/vllm-project/vllm/pull/7746
CWE-ID: CWE-617
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-38812
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-38813
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CWE-ID: CWE-250 CWE-273
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-42501
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-42502
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-42503
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-45682
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-38183
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38183
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-43460
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43460
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-45798
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts.
References: https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml
https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
https://securitylab.github.com/research/github-actions-preventing-pwn-requests
https://securitylab.github.com/research/github-actions-untrusted-input
CWE-ID: CWE-20 CWE-78 CWE-94
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-45398
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
References: https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-45606
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by unauthorized parties. A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the necessary permissions are no longer able to mute alerts. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was generally available as of 23.6.0 but users with early access may have had the feature as of 23.4.0. Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this vulnerability.
References: https://github.com/getsentry/self-hosted
https://github.com/getsentry/sentry/pull/77016
https://github.com/getsentry/sentry/security/advisories/GHSA-v345-w9f2-mpm5
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-8956
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
References: https://ptzoptics.com/firmware-changelog/
https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-8957
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
References: https://ptzoptics.com/firmware-changelog/
https://vulncheck.com/advisories/ptzoptics-command-injection
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-46982
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.
References: https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3
https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda
https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-43969
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.
References: https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-12-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-43976
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.
References: https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-43978
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.
References: https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-44004
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.
References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-44007
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through 6.14.
References: https://patchstack.com/database/vulnerability/skt-templates/wordpress-skt-templates-elementor-gutenberg-templates-plugin-6-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-44009
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10.
References: https://patchstack.com/database/vulnerability/wc-multivendor-marketplace/wordpress-wcfm-marketplace-3-6-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-44064
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54.
References: https://patchstack.com/database/vulnerability/likebtn-like-button/wordpress-like-button-rating-likebtn-plugin-2-6-53-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between septiembre 17-18, 2024.
During this period, The National Vulnerability Database published 181, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 9
High: 37
Medium: 40
Low: 0
Severity Not Assigned: 95
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-27869
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.
References: https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-27874
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.
References: https://support.apple.com/en-us/121250
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-27876
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References: https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
CWE-ID: CWE-362
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-27879
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.
References: https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121250
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-40841
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References: https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121247
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-40852
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.
References: https://support.apple.com/en-us/121250
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-40861
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
References: https://support.apple.com/en-us/121238
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-44132
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References: https://support.apple.com/en-us/121238
CWE-ID: CWE-61
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-44147
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
References: https://support.apple.com/en-us/121250
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-44160
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
References: https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121247
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-44169
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.
References: https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-45496
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.
References: https://access.redhat.com/security/cve/CVE-2024-45496
https://bugzilla.redhat.com/show_bug.cgi?id=2308661
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-7387
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
References: https://access.redhat.com/security/cve/CVE-2024-7387
https://bugzilla.redhat.com/show_bug.cgi?id=2302259
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-8110
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.
If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.
If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable.
References: https://web-material3.yokogawa.com/1/36276/files/YSAR-24-0003-E.pdf
CWE-ID: CWE-252
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-8490
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://plugins.trac.wordpress.org/browser/propertyhive/tags/2.0.19/includes/class-ph-ajax.php#L1089
https://plugins.trac.wordpress.org/browser/propertyhive/tags/2.0.19/includes/class-ph-ajax.php#L976
https://plugins.trac.wordpress.org/changeset/3152548/
https://www.wordfence.com/threat-intel/vulnerabilities/id/17c06c83-6707-4233-a1c3-ef4cdcf93982?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-8761
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
References: https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.03/assets/js/sti.js#L693
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.03/includes/class-sti-shortlink.php#L64
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.03/includes/class-sti-shortlink.php#L74
https://plugins.trac.wordpress.org/changeset/3152564/
https://wordpress.org/plugins/share-this-image/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=cve
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-8767
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
References: https://security-advisory.acronis.com/advisories/SEC-4976
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-46085
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
References: https://github.com/RainingSEC/cms/tree/main/11/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-46362
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
References: https://github.com/ohuquq/cms/tree/main/13/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
20. CVE-2021-27915
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.5
Description: Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
References: https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
CWE-ID: CWE-80
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-21743
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.
References: https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-3-2-5-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-22303
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
References: https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-3-2-4-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
23. CVE-2021-27916
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
References: https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-7788
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
References: https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-8768
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
References: https://access.redhat.com/security/cve/CVE-2024-8768
https://bugzilla.redhat.com/show_bug.cgi?id=2311895
https://github.com/vllm-project/vllm/issues/7632
https://github.com/vllm-project/vllm/pull/7746
CWE-ID: CWE-617
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-38812
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-38813
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CWE-ID: CWE-250 CWE-273
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-42501
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-42502
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-42503
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-45682
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-38183
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38183
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-43460
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43460
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-45798
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts.
References: https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml
https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
https://securitylab.github.com/research/github-actions-preventing-pwn-requests
https://securitylab.github.com/research/github-actions-untrusted-input
CWE-ID: CWE-20 CWE-78 CWE-94
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-45398
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
References: https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-45606
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by unauthorized parties. A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the necessary permissions are no longer able to mute alerts. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was generally available as of 23.6.0 but users with early access may have had the feature as of 23.4.0. Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this vulnerability.
References: https://github.com/getsentry/self-hosted
https://github.com/getsentry/sentry/pull/77016
https://github.com/getsentry/sentry/security/advisories/GHSA-v345-w9f2-mpm5
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-8956
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
References: https://ptzoptics.com/firmware-changelog/
https://vulncheck.com/advisories/ptzoptics-insufficient-auth
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-8957
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
References: https://ptzoptics.com/firmware-changelog/
https://vulncheck.com/advisories/ptzoptics-command-injection
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-46982
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.
References: https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3
https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda
https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-43969
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.
References: https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-12-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-43976
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.
References: https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-43978
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.
References: https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-8-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-44004
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.
References: https://patchstack.com/database/vulnerability/wpcargo/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-44007
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through 6.14.
References: https://patchstack.com/database/vulnerability/skt-templates/wordpress-skt-templates-elementor-gutenberg-templates-plugin-6-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-44009
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10.
References: https://patchstack.com/database/vulnerability/wc-multivendor-marketplace/wordpress-wcfm-marketplace-3-6-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-44064
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54.
References: https://patchstack.com/database/vulnerability/likebtn-like-button/wordpress-like-button-rating-likebtn-plugin-2-6-53-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found