In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between November 05-06, 2024.
During this period, the National Vulnerability Database published 219 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 8
High: 41
Medium: 97
Low: 1
Severity Not Assigned: 72
Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-34443
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. When displaying the Run queries page, Cross-site Scripting (XSS) is possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-9mx6-pwpp-j3xx
https://huntr.dev/bounties/c230d55d-1f0e-40c3-8c7e-20587d3e54da/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-34444
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-rwx9-rcxf-qrwv
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-34445
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-mm45-wh68-jpvq
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-31448
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upgrade should validate CSV content before importing it.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-776w-x6v7-vfwf
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-31998
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-9459
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in the reports module.
References: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-10097
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
References: https://loginizer.com/
https://plugins.trac.wordpress.org/browser/loginizer/trunk/main/social-login.php?rev=3108779#L127
https://plugins.trac.wordpress.org/changeset/3173657/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=cve
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-47137
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate from common permission to root and leak sensitive information through an out-of-bounds write.
References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-47404
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate from common permission to root and leak sensitive information through a double free.
References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-47797
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate from common permission to root and leak sensitive information through an out-of-bounds write.
References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-10114
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
References: https://www.wordfence.com/threat-intel/vulnerabilities/id/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=cve
https://www.wpwebelite.com/changelogs/woocommerce-social-login/changelog.txt
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-10711
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
References: https://ithemelandco.com/docs/woocommerce-report/
https://plugins.trac.wordpress.org/browser/ithemelandco-woo-report/trunk/class/setting_report.php#L1174
https://plugins.trac.wordpress.org/changeset/3181117/
https://wordpress.org/plugins/ithemelandco-woo-report/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1d21339-3a86-4bee-be86-2d2ab9190b26?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-51510
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: Out-of-bounds access vulnerability in the logo module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2024/11/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-10687
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/contest-gallery/tags/24.0.1/v10/v10-frontend/ecommerce/ecommerce-get-raw-data-from-galleries.php#L61
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4
https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-47253
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.
References: https://www.2n.com/en-GB/about-2n/cybersecurity/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-51523
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Information management vulnerability in the Gallery module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2024/11/
CWE-ID: CWE-840
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-51526
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Permission control vulnerability in the hidebug module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2024/11/
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-10263
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References: https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-50993
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_39/39.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-51005
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_50/50.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-51008
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_53/53.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-51009
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-51010
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_48/48.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-51021
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_57/57.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-51023
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_42/42.md
https://www.dlink.com/en/security-bulletin/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-51024
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_43/43.md
https://www.dlink.com/en/security-bulletin/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-52018
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_53/53.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-52019
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-52020
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-52021
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-52022
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_48/48.md
https://www.netgear.com/about/security/
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-29117
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-29118
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-29119
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-29120
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-29121
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-29125
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-49522
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-9579
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
References: https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-51739
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Combodo iTop is a simple, web based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer reveals whether the user exists. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry `"UI:ResetPwd-Error-WrongLogin"` through an extension and replace it with a generic message.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-2hmf-p27w-phf9
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-49772
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM version 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-4xj8-hr85-hm3m
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-49774
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and checks the resulting tokens against blacklists, but it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-9v56-vhp4-x227
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-50332
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-53xh-mjmq-j35p
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-7995
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.
References: https://autodesk.com/trust/security-advisories/adsk-sa-2024-0022
CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-42509
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-47460
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-47461
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-47462
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-47463
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 05-06, 2024.
During this period, The National Vulnerability Database published 219, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 8
High: 41
Medium: 97
Low: 1
Severity Not Assigned: 72
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-34443
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-9mx6-pwpp-j3xx
https://huntr.dev/bounties/c230d55d-1f0e-40c3-8c7e-20587d3e54da/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-34444
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-rwx9-rcxf-qrwv
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-34445
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-mm45-wh68-jpvq
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-31448
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web-based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when that content is imported. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upgrade should validate CSV content before importing it.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-776w-x6v7-vfwf
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-31998
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Combodo iTop is a simple, web-based IT Service Management tool. A CSRF can be performed on the CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-9459
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in the reports module.
References: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-10097
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
References: https://loginizer.com/
https://plugins.trac.wordpress.org/browser/loginizer/trunk/main/social-login.php?rev=3108779#L127
https://plugins.trac.wordpress.org/changeset/3173657/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=cve
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-47137
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: In OpenHarmony v4.1.0 and prior versions, an out-of-bounds write allows a local attacker to escalate from common permission to root and to leak sensitive information.
References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-47404
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: In OpenHarmony v4.1.0 and prior versions, a double free allows a local attacker to escalate from common permission to root and to leak sensitive information.
References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-47797
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: In OpenHarmony v4.1.0 and prior versions, an out-of-bounds write allows a local attacker to escalate from common permission to root and to leak sensitive information.
References: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-10114
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
References: https://www.wordfence.com/threat-intel/vulnerabilities/id/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=cve
https://www.wpwebelite.com/changelogs/woocommerce-social-login/changelog.txt
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-10711
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
References: https://ithemelandco.com/docs/woocommerce-report/
https://plugins.trac.wordpress.org/browser/ithemelandco-woo-report/trunk/class/setting_report.php#L1174
https://plugins.trac.wordpress.org/changeset/3181117/
https://wordpress.org/plugins/ithemelandco-woo-report/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1d21339-3a86-4bee-be86-2d2ab9190b26?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-51510
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: Out-of-bounds access vulnerability in the logo module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2024/11/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-10687
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/contest-gallery/tags/24.0.1/v10/v10-frontend/ecommerce/ecommerce-get-raw-data-from-galleries.php#L61
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4
https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-47253
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.
References: https://www.2n.com/en-GB/about-2n/cybersecurity/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-51523
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Information management vulnerability in the Gallery module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2024/11/
CWE-ID: CWE-840
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-51526
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Permission control vulnerability in the hidebug module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
References: https://consumer.huawei.com/en/support/bulletin/2024/11/
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-10263
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References: https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-50993
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_39/39.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-51005
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_50/50.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-51008
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_53/53.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-51009
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-51010
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_48/48.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-51021
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_57/57.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-51023
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_42/42.md
https://www.dlink.com/en/security-bulletin/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-51024
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_43/43.md
https://www.dlink.com/en/security-bulletin/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-52018
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_53/53.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-52019
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-52020
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-52021
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md
https://www.netgear.com/about/security/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-52022
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
References: https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_48/48.md
https://www.netgear.com/about/security/
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-29117
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-29118
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-29119
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-29120
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-29121
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-29125
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-49522
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-9579
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
References: https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-51739
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which makes it easier to brute-force a valid account. As a fix, the message displayed after resetting a password no longer reveals whether the user exists. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry `"UI:ResetPwd-Error-WrongLogin"` through an extension and replace it with a generic message.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-2hmf-p27w-phf9
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-49772
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM version 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-4xj8-hr85-hm3m
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-49774
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and checks the resulting AST against the blacklists, but it does not take all scenarios into account. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-9v56-vhp4-x227
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-50332
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-53xh-mjmq-j35p
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-7995
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.
References: https://autodesk.com/trust/security-advisories/adsk-sa-2024-0022
CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-42509
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-47460
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-47461
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-47462
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-47463
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found