Internet Storm Center Spotlight


SANS Holiday Hack Challenge™ 2024

Join the global cybersecurity community in the most festive and challenging event of the year! The SANS Holiday Hack Challenge offers FREE, high-quality, and super fun hands-on cybersecurity challenges designed for all skill levels. Play to learn or practice your skills and stand a chance to win exciting prizes for the top entries. https://www.sans.org/mlp/holiday-hack-challenge-2024/

2024 Challenge Topics:

- Ransomware Reverse Engineering

- Hardware Hacking

- Web App Hacking with MQTT and Video Feed Manipulation

- Video Game Hacking

- Threat Hunting with KQL

- SIM/SEM Analysis

- Mobile App Penetration Testing

- OSINT via Drone Path Analysis

- Web Exploration with cURL

- PowerShell for Cyber Defense


INTERNET STORM CENTER SPOTLIGHT

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Steam Account Checker Poisoned with Infostealer

Published: 2024-11-07.

Last Updated: 2024-11-07 07:49:23 UTC

by Xavier Mertens (Version: 1)

I found an interesting script targeting Steam users. Steam is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" and is available on GitHub[2]. Its description is:

"steam account checker ? check your steam log 2024 ? simple script that validates steam logins fast and easy."

Updated two months ago, the script seems obfuscated and looks nice when checked online ...

But if you download the file and check it carefully ...

The author used a simple trick to hide malicious code: the first line appends space characters (0x20) to hide the code that follows. In other words, the code is not displayed in an editor that does not wrap long lines. Let's remove the spaces and the first line will look like this ...

Read the full entry:

https://isc.sans.edu/diary/Steam+Account+Checker+Poisoned+with+Infostealer/31420/
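A defender-side check for the padding trick described in this diary excerpt, as an added example (not code from the diary or from the repository it analyzes): it flags any line where text follows a long run of blank characters. The threshold of 100, the function names and the sample input are assumptions made here, and the check goes beyond the 0x20 case by also counting tabs and Unicode spaces.

```python
"""Flag source lines that hide text behind a long run of blank characters."""
import re
import sys
from dataclasses import dataclass

# Characters an editor renders as horizontal blank space: space (0x20), tab,
# NBSP and the Unicode space separators. The diary only mentions 0x20; the
# other code points are a generalization added for this example.
_BLANK = " \t\u00a0\u1680\u2000-\u200a\u202f\u205f\u3000"
_RUN = re.compile("[" + _BLANK + "]+")

# Assumed threshold: padding this long pushes text past the right edge of a
# typical non-wrapping editor or web code viewer. Tune it for your code base.
MIN_RUN = 100


@dataclass
class Finding:
    line_no: int   # 1-based line number
    column: int    # 1-based character index where the hidden text starts
    pad_len: int   # length of the blank run in characters
    visible: str   # what a reviewer sees before the padding
    hidden: str    # what sits after the padding


def scan_text(text, min_run=MIN_RUN):
    """Return one Finding per line that has text after >= min_run blanks."""
    findings = []
    for line_no, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip("\r")
        # Walk the blank runs once, left to right (linear in line length).
        for m in _RUN.finditer(line):
            pad_len = m.end() - m.start()
            # Trailing whitespace alone is untidy but hides nothing, so a
            # run only counts when something follows it on the same line.
            if pad_len >= min_run and m.end() < len(line):
                findings.append(Finding(line_no, m.end() + 1, pad_len,
                                        line[:m.start()], line[m.end():]))
                break
    return findings


def scan_file(path, min_run=MIN_RUN):
    """Scan one file; undecodable bytes are replaced, never fatal."""
    with open(path, "rb") as fh:
        text = fh.read().decode("utf-8", errors="replace")
    return scan_text(text, min_run)


# Constructed sample (not the script from the diary): line 1 hides a second
# statement behind 300 spaces, line 4 has ordinary alignment padding and
# line 5 has trailing whitespace only.
SAMPLE = (
    "import os" + " " * 300 + ";print('constructed placeholder')\n"
    "def check(login):\n"
    "    return bool(login)\n"
    "x = 1" + " " * 20 + "# aligned comment\n"
    "y = 2" + " " * 400 + "\n"
)


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        results = [(p, f) for p in targets for f in scan_file(p)]
    else:
        results = [("<sample>", f) for f in scan_text(SAMPLE)]
    for name, f in results:
        print(f"{name}:{f.line_no}: {f.pad_len} blanks, hidden text at "
              f"column {f.column}: {f.hidden[:60]!r}")
    sys.exit(1 if results else 0)
```

Run it over downloaded scripts before opening or executing them; a non-zero exit status means at least one line carries text behind padding and should be read in a wrapping editor or a hex viewer.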

Microsoft November 2024 Patch Tuesday

Published: 2024-11-12. Last Updated: 2024-11-12 18:26:59 UTC

by Renato Marinho (Version: 1)

This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.

Notable Vulnerabilities:

NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)

This vulnerability, identified as CVE-2024-43451, has been exploited and disclosed, carrying an Important severity rating with a CVSS score of 6.5. It allows an attacker to disclose a user's NTLMv2 hash, enabling them to authenticate as that user, which could lead to a total loss of confidentiality. Exploitation requires minimal user interaction, such as selecting or inspecting a malicious file. The vulnerability affects all supported versions of Microsoft Windows, and while Internet Explorer has been retired on certain platforms, updates addressing this vulnerability are included in the IE Cumulative Updates to ensure continued protection.

Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)

This vulnerability, identified as CVE-2024-49039, has a severity rating of Important with a CVSS score of 8.8 and is currently being exploited in the wild, although it has not been disclosed publicly. An authenticated attacker can exploit this vulnerability by running a specially crafted application on the target system, allowing them to elevate their privileges to a Medium Integrity Level. Successful exploitation could enable the attacker to execute RPC functions that are typically restricted to privileged accounts, thereby compromising the security of the system. Remediation efforts should focus on monitoring for unauthorized applications and ensuring that only trusted software is executed on systems to mitigate the risk of exploitation.

Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2024-49019)

This vulnerability, identified as CVE-2024-49019, has been disclosed but is not currently exploited in the wild. It carries a severity rating of Important with a CVSS score of 7.8, allowing an attacker to potentially gain domain administrator privileges. The vulnerability affects certificates created using a version 1 certificate template with the Source of subject name set to "Supplied in the request," particularly if the template is not secured according to best practices. To mitigate this risk, organizations are advised to remove overly broad enrollment permissions, eliminate unused templates from certification authorities, and secure templates that allow specification of the subject in requests through additional signatures, certificate manager approval, and monitoring of issued certificates.

Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)

This critical vulnerability, with a CVSS score of 9.8, has not been exploited in the wild nor disclosed publicly. It allows an unauthenticated attacker to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target using a specially crafted application. The potential impact of this vulnerability underscores the importance of monitoring and securing systems against unauthorized access and exploitation.

Microsoft Windows VMSwitch Elevation of Privilege Vulnerability (CVE-2024-43625)

This critical vulnerability, identified as CVE-2024-43625, has a CVSS score of 8.1 and is currently not exploited or disclosed publicly. It allows an attacker with low privileges on a Hyper-V guest to traverse the security boundary and execute code on the Hyper-V host, potentially gaining SYSTEM privileges. The exploitation requires a high level of complexity, as the attacker must gather specific environmental information and perform additional preparatory actions before sending a specific series of networking requests to the VMswitch driver, triggering a use-after-free vulnerability. Notably, this vulnerability is confined to the VmSwitch component within Hyper-V and does not affect the System Center Virtual Machine Manager (SCVMM).

This summary highlights key vulnerabilities for this Patch Tuesday. Notably, CVE-2024-43451, an NTLM hash disclosure vulnerability, poses a significant risk due to its exploitation potential with minimal user interaction. CVE-2024-49039, an elevation of privilege vulnerability, is actively exploited and requires immediate attention. Additionally, CVE-2024-49019 allows potential domain admin access, necessitating strict certificate management. Critical vulnerabilities like CVE-2024-43639 (CVSS 9.8) and CVE-2024-43625, while not currently exploited, demand proactive monitoring and security measures. Prioritize patching and monitoring to mitigate these risks effectively.

November 2024 Security Updates ...

Read the full entry:

https://isc.sans.edu/diary/Microsoft+November+2024+Patch+Tuesday/31438/

Internet Storm Center Entries


PDF Object Streams (2024.11.11)

https://isc.sans.edu/diary/PDF+Object+Streams/31430/

zipdump & PKZIP Records (2024.11.10)

https://isc.sans.edu/diary/zipdump+PKZIP+Records/31428/

zipdump & Evasive ZIP Concatenation (2024.11.09)

https://isc.sans.edu/diary/zipdump+Evasive+ZIP+Concatenation/31426/

SANS Holiday Hack Challenge 2024 (2024.11.09)

https://isc.sans.edu/diary/SANS+Holiday+Hack+Challenge+2024/31424/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability

Product: Microsoft Windows Task Scheduler

CVSS Score: 8.8

** KEV since 2024-11-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49039

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039

CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability

Product: Microsoft Windows Operating System

CVSS Score: 6.5

** KEV since 2024-11-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43451

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451

CVE-2024-43639 - Windows Kerberos Remote Code Execution Vulnerability

Product: Microsoft Windows Kerberos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43639

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639

CVE-2024-43625 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

Product: Microsoft Windows VMSwitch

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43625

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43625

CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability

Product: Microsoft Active Directory Certificate Services

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49019

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019

CVE-2024-43498 - .NET and Visual Studio Remote Code Execution Vulnerability

Product: Microsoft .NET and Visual Studio

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43498

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498

CVE-2024-43602 - Azure CycleCloud Remote Code Execution Vulnerability

Product: Microsoft Azure CycleCloud

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43602

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602

CVE-2024-45409 - Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 allows an unauthenticated attacker to forge a SAML Response and log in as an arbitrary user.

Product: Ruby-SAML

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45409

ISC Podcast: https://isc.sans.edu/podcastdetail/9218

CVE-2024-44258 - iOS, iPadOS, visionOS, and tvOS are vulnerable to modification of protected system files when restoring a maliciously crafted backup file.

Product: Apple iOS

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44258

ISC Podcast: https://isc.sans.edu/podcastdetail/9212

CVE-2024-10687 - The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery plugin for WordPress is vulnerable to time-based SQL Injection allowing unauthenticated attackers to extract sensitive information from the database.

Product: Contest-Gallery Contest Gallery

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10687

NVD References:

- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/24.0.1/v10/v10-frontend/ecommerce/ecommerce-get-raw-data-from-galleries.php#L61

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4

- https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve

CVE-2024-10844 & CVE-2024-10845 - 1000 Projects Bookstore Management System 1.0 remote SQL injection vulnerabilities

Product: Bookstore Management System Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10844

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10845

NVD References:

- https://github.com/sbm-98/CVE/issues/1

- https://github.com/hbuzs/CVE/issues/3

CVE-2024-51132 - HAPI FHIR v6.4.0 and earlier versions are vulnerable to XXE attacks allowing hackers to access sensitive data or execute unauthorized code via malicious XML entities in crafted requests.

Product: HAPI FHIR

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51132

NVD References:

- https://github.com/JAckLosingHeart/CVE-2024-51132-POC

- https://github.com/hapifhir/org.hl7.fhir.core

CVE-2024-42509 & CVE-2024-47460 - Aruba's CLI service is vulnerable to unauthorized remote code execution via specially crafted packets sent to the PAPI UDP port.

Product: Aruba PAPI (Aruba's Access Point management protocol)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42509

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47460

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US

CVE-2024-48176 - Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control due to unlimited login attempts and non-refreshed verification codes, enabling attackers to easily gain unauthorized access to the system backend.

Product: Lylme Spage

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48176

NVD References: https://gist.github.com/Gryffinbit/c0b37c6caae4844d4f59368e454d3e46

CVE-2024-48746 - Lens Visual integration with Power BI v.4.0.0.3 is vulnerable to remote code execution through the Natural language processing component.

Product: Lens Visual Power BI

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48746

NVD References: https://gist.github.com/KaiqueFerreiraPeres/a56c33104a52019c533e4283c257d3a0

CVE-2024-51115 - DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.

Product: DCME-320

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51115

NVD References: https://github.com/CLan-nad/CVE/blob/main/dcn/ip_inter/1.md

CVE-2024-51358 - Linux Server Heimdall v.2.6.1 is vulnerable to remote code execution by a crafted script on Add new application.

Product: Linux Server Heimdall

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51358

NVD References: https://github.com/Kov404/CVE-2024-51358

CVE-2024-8615 - The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.

Product: Eyecix Jobsearch Wp Job Board

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8615

NVD References:

- https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856

- https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve

CVE-2024-10914 & CVE-2024-10915 - D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L are vulnerable to critical OS command injection flaws in the cgi_user_add function of /cgi-bin/account_mgr.cgi, allowing for remote attacks with high complexity.

Product: Multiple D-Link products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10914

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10915

NVD References:

- https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07?pvs=4

- https://netsecfish.notion.site/Command-Injection-Vulnerability-in-group-parameter-for-D-Link-NAS-12d6b683e67c803fa1a0c0d236c9a4c5?pvs=4

- https://www.dlink.com/

CVE-2024-10081 - CodeChecker is vulnerable to an authentication bypass flaw in API endpoints, allowing unauthorized superuser access.

Product: CodeChecker

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10081

NVD References: https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q

CVE-2024-10919 - didi Super-Jacoco 1.0 is vulnerable to a critical OS command injection flaw in the /cov/triggerUnitCover file's uuid argument, allowing for remote attacks with a publicly disclosed exploit.

Product: Didi Super-Jacoco

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10919

NVD References: https://github.com/didi/super-jacoco/issues/49

CVE-2024-10826 - Google Chrome on Android prior to 130.0.6723.116 had a high severity vulnerability that allowed remote attackers to potentially exploit heap corruption using a crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10826

ISC Diary: https://isc.sans.edu/diary/31438

NVD References:

- https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/370217726

CVE-2024-10827 - Google Chrome prior to 130.0.6723.116 is vulnerable to a Use after Free vulnerability in Serial that could allow remote attackers to exploit heap corruption.

Product: Google Chrome

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10827

ISC Diary: https://isc.sans.edu/diary/31438

NVD References:

- https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html

- https://issues.chromium.org/issues/375065084

CVE-2024-20418 - Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points is vulnerable to remote command injection attacks due to improper input validation in its web-based management interface, allowing an attacker to gain root privileges on the underlying operating system.

Product: Cisco Unified Industrial Wireless Software

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20418

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

CVE-2024-51504 - ZooKeeper Admin Server is vulnerable to Authentication Bypass by Spoofing due to weak IP based authentication implementation using HTTP request headers.

Product: Apache ZooKeeper

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51504

NVD References: https://lists.apache.org/thread/b3qrmpkto5r6989qr61fw9y2x646kqlh

CVE-2019-20457 - Brother MFC-J491DW C1806180757 devices are vulnerable to unauthorized access because the printer's web-interface leaks the password hash in the response header without authentication.

Product: Brother MFC-J491DW

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-20457

NVD References:

- https://global.brother

- https://seclists.org/fulldisclosure/2024/Jul/14

- https://support.brother.com/g/s/security/en/index.html

CVE-2019-20461 - Alecto IVM-100 2019-11-12 devices are vulnerable to unauthorized camera access over the Internet due to a custom UDP protocol that does not require authentication.

Product: Alecto IVM-100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-20461

NVD References:

- https://seclists.org/fulldisclosure/2024/Jul/14

- https://www.alecto.nl

CVE-2024-50766 - SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter.

Product: SourceCodester Survey Application System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50766

NVD References: https://medium.com/%40luisgerardomoret_69654/sql-injection-in-survey-application-system-cve-2024-50766-8ed81426ca6e

CVE-2024-10988 - E-Health Care System 1.0 is vulnerable to critical SQL injection in /Doctor/doctor_login.php, allowing remote attackers to manipulate the email argument and potentially exploit other parameters.

Product: Anisha E-Health Care System

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10988

NVD References:

- https://code-projects.org/

- https://github.com/20241018/cve/blob/main/sql.md

CVE-2020-8007 - EV Charger pwrstudio web application in Circontrol Raption servers version 5.6.2 is vulnerable to OS command injection through configuration menu fields ntpserver0, ntpserver1, and pingip.

Product: Circontrol Raption

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-8007

NVD References:

- https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/

- https://seclists.org/fulldisclosure/2024/Mar/33

CVE-2023-27195 - Trimble TM4Web 22.2.0 has a vulnerability that allows unauthenticated attackers to create new Administrator accounts with full privileges.

Product: Trimble TM4Web

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27195

NVD References:

- https://seclists.org/fulldisclosure/2024/Apr/16

- https://transportation.trimble.com/products/TM4Web

CVE-2024-7982 - The Registrations for the Events Calendar WordPress plugin allows unauthenticated users to execute Cross-Site Scripting attacks due to unsanitised parameters in event registrations.

Product: WordPress Registrations for the Events Calendar

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7982

NVD References: https://wpscan.com/vulnerability/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6/

CVE-2024-10995 - Codezips Hospital Appointment System 1.0 is vulnerable to a critical SQL injection attack in /removeDoctorResult.php.

Product: Codezips Hospital Appointment System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10995

NVD References: https://github.com/Hacker0xone/CVE/issues/2

CVE-2024-10996, CVE-2024-10997, CVE-2024-10998 - 1000 Projects Bookstore Management System 1.0 critical SQL injection vulnerabilities

Product: Bookstore Management System Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10996

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10997

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10998

NVD References:

- https://github.com/ppp-src/CVE/issues/32

- https://github.com/Sy0ung-cmd/CVE/blob/main/vendors/1000projects/bookstore-management-system/SQLi-1.md

- https://github.com/090913/CVE/issues/1

CVE-2024-50588 - Elefant Firebird database is vulnerable to remote DBA access via known default credentials, allowing attackers to manipulate patient data and overwrite server files.

Product: Elefant Firebird

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50588

NVD References:

- https://hasomed.de/produkte/elefant/

- https://r.sec-consult.com/hasomed

CVE-2024-45764 - Dell Enterprise SONiC OS versions 4.1.x and 4.2.x are susceptible to a critical severity Missing Critical Step in Authentication vulnerability, allowing unauthenticated remote attackers to bypass protection mechanisms.

Product: Dell Enterprise SONiC OS

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45764

NVD References: https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

CVE-2024-45763 & CVE-2024-45765 - Dell Enterprise SONiC OS versions 4.1.x and 4.2.x are vulnerable to OS Command Injection, allowing a high privileged attacker remote access to potentially execute commands with lower privileges.

Product: Dell Enterprise SONiC OS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45763

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45765

NVD References: https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

CVE-2024-50966 - dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.

Product: dingfanzu CMS V1.0

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50966

NVD References: https://github.com/evenomn/YangYiWen/tree/main/11

CVE-2024-35426 - vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.

Product: vmir e8117

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35426

NVD References:

- https://gist.github.com/haruki3hhh/9d2a5a139a8b72517009953d0ba7338c

- https://github.com/andoma/vmir/issues/24

CVE-2024-10284 - The CE21 Suite plugin for WordPress is vulnerable to authentication bypass through a hardcoded encryption key, allowing unauthenticated attackers to log in as any user on the site.

Product: CE21 Suite plugin for WordPress

Active Installations: This plugin has been closed as of November 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10284

NVD References:

- https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L242

- https://www.wordfence.com/threat-intel/vulnerabilities/id/45d66743-300e-480d-98b8-99dc30b6e786?source=cve

CVE-2024-10285 - The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure through the plugin-log.txt file, allowing unauthenticated attackers to access user accounts via JWT tokens.

Product: WordPress CE21 Suite plugin

Active Installations: This plugin has been closed as of November 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10285

NVD References:

- https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237

- https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281

- https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve

CVE-2024-10586 - The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation, allowing unauthenticated attackers to create malicious files for remote code execution.

Product: WordPress Debug Tool Plugin

Active Installations: This plugin has been closed as of November 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10586

NVD References:

- https://plugins.trac.wordpress.org/browser/debug-tool/trunk/tools/image-puller.php#L120

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=cve

CVE-2024-10470 - The WPLMS Learning Management System for WordPress is vulnerable to arbitrary file read and deletion, allowing unauthenticated attackers to potentially execute remote code by deleting crucial files on the server.

Product: WPLMS WordPress LMS theme

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10470

NVD References:

- https://themeforest.net/item/wplms-learning-management-system/6780226

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1932c9b4-2fea-40f8-9748-09ded8143c11?source=cve

CVE-2024-10508 - The RegistrationMagic – User Registration Plugin with Custom Registration Forms for WordPress is vulnerable to privilege escalation through account takeover via unauthenticated attackers resetting passwords of arbitrary users, including administrators, in versions up to 6.0.2.6.

Product: RegistrationMagic User Registration Plugin

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10508

NVD References:

- https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L239

- https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L241

- https://plugins.trac.wordpress.org/changeset/3181174/custom-registration-form-builder-with-submission-manager/trunk/public/controllers/class_rm_login_controller.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c4679fa7-be6b-4f50-8cdf-ff9822794f19?source=cve

CVE-2024-10547 - The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.

Product: WordPress WP Membership plugin

Active Installations: unknown

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10547

NVD References:

- https://codecanyon.net/item/wp-membership/10066554

- https://www.wordfence.com/threat-intel/vulnerabilities/id/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve

CVE-2024-10589 - The Leopard - WordPress Offload Media plugin is vulnerable to unauthorized data modification and privilege escalation in versions up to 3.1.1.

Product: The Leopard WordPress Offload Media

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10589

NVD References:

- https://codecanyon.net/item/leopard-wordpress-offload-media/23728788

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b50597-18c1-4cbc-aebb-348f4d786ad9?source=cve

CVE-2024-10801 - The WordPress User Extra Fields plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to potentially execute remote code.

Product: WordPress User Extra Fields plugin

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10801

NVD References:

- https://codecanyon.net/item/user-extra-fields/12949844

- https://www.wordfence.com/threat-intel/vulnerabilities/id/6a60e2c3-4597-4b21-ad20-6a00e483fcf1?source=cve

CVE-2024-10871 - The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 2.8.2 via the 'params[caf-post-layout]' parameter, allowing unauthenticated attackers to execute arbitrary files on the server and potentially bypass access controls or obtain sensitive data.

Product: Category Ajax Filter WordPress

Active Installations: 8,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10871

NVD References:

- https://plugins.trac.wordpress.org/browser/category-ajax-filter/tags/2.8.2/includes/functions.php#L180

- https://plugins.trac.wordpress.org/changeset/3183800/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb03d81-ac33-487b-bf4d-927e8104866e?source=cve

CVE-2024-51788 - The Novel Design Store Directory allows the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server.

Product: Joshua Wolfe The Novel Design Store Directory

Active Installations: This plugin has been closed and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51788

NVD References: https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-51789 - UjW0L Image Classify allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to the web server.

Product: UjW0L Image Classify

Active Installations: This plugin has been closed as of November 6, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51789

NVD References: https://patchstack.com/database/vulnerability/image-classify/wordpress-image-classify-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-51790 - HB AUDIO GALLERY allows uploading dangerous file types which can result in a web shell being added to the server.

Product: Team HB WEBSOL HB AUDIO GALLERY

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51790

NVD References: https://patchstack.com/database/vulnerability/hb-audio-gallery/wordpress-hb-audio-gallery-plugin-3-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-51792 - Dang Ngoc Binh Audio Record allows unrestricted upload of dangerous file types, enabling the upload of a web shell to a web server.

Product: Dang Ngoc Binh Audio Record

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51792

NVD References: https://patchstack.com/database/vulnerability/audio-record/wordpress-audio-record-plugin-1-0-arbitrary-file-upload-vulnerability-2?_s_id=cve

CVE-2024-11016, CVE-2024-11018, CVE-2024-11020 - Webopac from Grand Vice info is vulnerable to SQL injection

Product: Grand Vice info Webopac

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11016

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11018

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11020

NVD References:

- https://www.twcert.org.tw/en/cp-139-8210-46322-2.html

- https://www.twcert.org.tw/tw/cp-132-8209-bf75d-1.html

CVE-2024-11068 - The D-Link DSL6740C modem is vulnerable to an Incorrect Use of Privileged APIs, enabling unauthorized users to change any user's password and access Web, SSH, and Telnet services with that user's account.

Product: D-Link DSL6740C modem

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11068

NVD References:

- https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

- https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html

CVE-2024-50989 - PHPGurukul Online Marriage Registration System v1.0 is vulnerable to SQL injection via the "searchdata" parameter in /omrs/admin/search.php.

Product: PHPGurukul Online Marriage Registration System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50989

NVD References: https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/SQL%20Injction.pdf.pdf

CVE-2024-50667 - The boa httpd of Trendnet TEW-820AP 1.01.B01 is vulnerable to a stack overflow due to insufficient validation of IPv6 addresses in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, and /boafrm/formDnsv6, enabling attackers to craft payloads for exploits.

Product: Trendnet TEW-820AP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50667

NVD References:

- https://github.com/ixout/iotVuls/blob/main/Trendnet/TEW_820/report.md

- https://www.trendnet.com/support/support-detail.asp?prod=100_TEW-820AP

CVE-2024-51135 - powertac-server v1.9.0 is vulnerable to XXE attacks, potentially granting unauthorized access to sensitive data or enabling the execution of arbitrary code.

Product: powertac-server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51135

NVD References:

- http://www.powertac.org/

- https://github.com/powertac/powertac-server

- https://github.com/powertac/powertac-server/issues/1166

- https://mvnrepository.com/artifact/org.powertac/server-interface

CVE-2024-36061 - EnGenius EWS356-FIT devices are vulnerable to blind OS command injection, enabling attackers to execute arbitrary commands through Ping and Speed Test utilities.

Product: EnGenius EWS356-FIT devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36061

NVD References: https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-36061

CVE-2024-51747 - Kanboard software allows an authenticated admin to read and delete arbitrary files from the server by uploading a modified SQLite db through the file attachments feature.

Product: Kanboard

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51747

NVD References: https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v

CVE-2024-51748 - Kanboard project management software allows an authenticated admin to run arbitrary PHP code on the server by way of a file write.

Product: Frayx Kanboard

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51748

NVD References: https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p

CVE-2024-46962 - The SYQ com.downloader.video.fast application for Android allows for arbitrary JavaScript code execution via the SpeedMainAct component.

Product: SYQ Master Video Downloader

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46962

NVD References:

- https://github.com/actuator/com.downloader.video.fast/blob/main/CVE-2024-46962

- https://play.google.com/store/apps/details?id=com.downloader.video.fast

CVE-2024-52533 - GNOME GLib before 2.82.1 is vulnerable to an off-by-one error and buffer overflow in gio/gsocks4aproxy.c due to insufficient SOCKS4_CONN_MSG_LEN.

Product: GNOME GLib

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52533

NVD References:

- https://gitlab.gnome.org/GNOME/glib/-/issues/3461

- https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1

- https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home

CVE-2024-10245 - The Relais 2FA plugin for WordPress, in versions up to 1.0, is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: Relais 2FA plugin for WordPress

Active Installations: This plugin has been closed as of November 11, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10245

NVD References:

- https://plugins.trac.wordpress.org/browser/relais-2fa/trunk/relais.php?rev=2439540#L39

- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d476336-e997-4379-a8f6-963ae22b2417?source=cve

CVE-2024-44102 - PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured) and other affected versions allow remote attackers to execute arbitrary code with SYSTEM privileges via insecure deserialization of user-supplied content.

Product: Siemens PP TeleControl Server

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44102

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-454789.html

CVE-2024-46888 - SINEC INS (All versions < V1.0 SP2 Update 3) allows an authenticated remote attacker to manipulate files and achieve arbitrary code execution due to improper input sanitization in SFTP-based file transfers.

Product: Siemens SINEC INS

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46888

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-915275.html

CVE-2024-46890 - SINEC INS is vulnerable to remote code execution due to improper input validation in its web API endpoints.

Product: Siemens SINEC INS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46890

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-915275.html

CVE-2024-10943 - The affected product is vulnerable to an authentication bypass due to shared secrets, allowing a threat actor to impersonate a user by obtaining additional authentication information.

Product: Siemens SIMATIC WinCC

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10943

NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html

CVE-2024-11005, CVE-2024-11006, & CVE-2024-11007 - Ivanti Connect Secure and Ivanti Policy Secure before version 22.7R2.1/22.7R1.1 are susceptible to command injection, enabling a remote authenticated attacker with admin privileges to execute code remotely.

Product: Ivanti Connect Secure

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11005

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11006

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11007

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

CVE-2024-50330 - Ivanti Endpoint Manager, before certain security updates, is vulnerable to SQL injection, allowing remote attackers to execute code without authentication.

Product: Ivanti Endpoint Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50330

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022

CVE-2024-43415 - Decidim_awesome-module v0.11.1 and earlier versions allow authenticated admin users to manipulate SQL queries, potentially disclosing information or executing unauthorized operations.

Product: decidim_awesome-module

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43415

NVD References:

- https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b

- https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f

- https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability

CVE-2024-52297 - Tolgee, an open-source localization platform, exposed all configuration properties to users in version 3.81.1; this was fixed in v3.81.2.

Product: Tolgee

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52297

NVD References:

- https://github.com/tolgee/tolgee-platform/pull/2481/files#diff-d16735590f0f2db7cd782e2966fa18426b94b5e4030fa8b1f5e00cd55686fe7f

- https://github.com/tolgee/tolgee-platform/pull/2689/files

- https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-3wr3-889v-pgcj

CVE-2024-49369 - A TLS certificate validation flaw in Icinga versions 2.4.0 and newer could allow attackers to impersonate trusted cluster nodes and API users; it is patched in versions 2.14.3, 2.13.10, 2.12.11, and 2.11.12.

Product: Icinga 2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49369

NVD References:

- https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c

- https://github.com/Icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8

- https://github.com/Icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe

- https://github.com/Icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6

- https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831

- https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv

- https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3

CVE-2024-10820 - The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution on the affected site's server.

Product: WooCommerce Upload Files plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10820

NVD References:

- https://codecanyon.net/item/woocommerce-upload-files/11442983

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve

CVE-2024-40715 - Veeam Backup & Replication Enterprise Manager is susceptible to an authentication bypass vulnerability, enabling attackers to exploit it with a Man-in-the-Middle (MITM) attack.

Product: Veeam Backup & Replication Enterprise Manager

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40715

ISC Podcast: https://isc.sans.edu/podcastdetail/9214

NVD References: https://www.veeam.com/kb4682

CVE-2024-43447 - Windows SMBv3 Server Remote Code Execution Vulnerability

Product: Microsoft Windows SMBv3 Server

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43447

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447

CVE-2024-43450 - Windows DNS Spoofing Vulnerability

Product: Microsoft Windows DNS

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43450

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43450

CVE-2024-43499 - .NET and Visual Studio Denial of Service Vulnerability

Product: Microsoft .NET and Visual Studio

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43499

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499

CVE-2024-43530 - Windows Update Stack Elevation of Privilege Vulnerability

Product: Microsoft Windows Update Stack

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43530

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43530

CVE-2024-43598 - LightGBM Remote Code Execution Vulnerability

Product: Microsoft Windows Operating System

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43598

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43598

CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43627 & CVE-2024-43628 - Windows Telephony Service Remote Code Execution Vulnerabilities

Product: Microsoft Windows Telephony Service

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43620

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43621

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43622

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43627

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43628

ISC Diary: https://isc.sans.edu/diary/31438

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43620

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43621

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43622

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43627

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43628

CVE-2024-43623 - Windows NT OS Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows NT

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43623

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43623

CVE-2024-43624 - Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

Product: Microsoft Windows Hyper-V

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43624

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43624

CVE-2024-43626 - Windows Telephony Service Elevation of Privilege Vulnerability

Product: Microsoft Windows Telephony Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43626

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43626

CVE-2024-43629 - Windows DWM Core Library Elevation of Privilege Vulnerability

Product: Microsoft Windows DWM Core Library

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43629

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43629

CVE-2024-43630 - Windows Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows Kernel

CVSS Score: 7.8 AtRiskScore 20

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43630

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43630

CVE-2024-43635 - Windows Telephony Service Remote Code Execution Vulnerability

Product: Microsoft Windows Telephony Service

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43635

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635

CVE-2024-43636 - Win32k Elevation of Privilege Vulnerability

Product: Microsoft Win32k

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43636

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43636

CVE-2024-43640 - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43640

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43640

CVE-2024-43452 & CVE-2024-43641 - Windows Registry Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Registry

CVSS Scores: 7.5 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43452

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43641

ISC Diary: https://isc.sans.edu/diary/31438

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43452

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43641

CVE-2024-43642 - Windows SMB Denial of Service Vulnerability

Product: Microsoft Windows SMB

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43642

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43642

CVE-2024-43644 - Windows Client-Side Caching Elevation of Privilege Vulnerability

Product: Microsoft Windows Client-Side Caching

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43644

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43644

CVE-2024-49021 - Microsoft SQL Server Remote Code Execution Vulnerability

Product: Microsoft SQL Server

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49021

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021

CVE-2024-49026 through CVE-2024-49030 - Microsoft Excel Remote Code Execution Vulnerabilities

Product: Microsoft Excel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49026

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49027

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49028

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49029

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49030

ISC Diary: https://isc.sans.edu/diary/31438

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030

CVE-2024-49031 & CVE-2024-49032 - Microsoft Office Graphics Remote Code Execution Vulnerabilities

Product: Microsoft Office

CVSS Score: 7.8 AtRiskScore 20

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49031

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49032

ISC Diary: https://isc.sans.edu/diary/31438

NVD References:

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032

CVE-2024-49033 - Microsoft Word Security Feature Bypass Vulnerability

Product: Microsoft Word

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49033

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033

CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability

Product: Microsoft Exchange Server

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49040

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040

CVE-2024-49043 - Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Product: Microsoft SqlServer XEvent Configuration

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49043

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043

CVE-2024-49046 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Product: Microsoft Windows Win32 Kernel Subsystem

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49046

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49046

CVE-2024-49048 - TorchGeo Remote Code Execution Vulnerability

Product: TorchGeo

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49048

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048

CVE-2024-49049 - Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

Product: Microsoft Visual Studio Code

CVSS Score: 7.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49049

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49049

CVE-2024-49050 - Visual Studio Code Python Extension Remote Code Execution Vulnerability

Product: Microsoft Visual Studio Code

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49050

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49050

CVE-2024-49051 - Microsoft PC Manager Elevation of Privilege Vulnerability

Product: Microsoft PC Manager

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49051

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49051

CVE-2024-49056 - Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

Product: Microsoft Airlift

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49056

ISC Diary: https://isc.sans.edu/diary/31438

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056

CVE-2024-5535 - OpenSSL API function SSL_select_next_proto may crash or disclose memory contents to the peer when called with an empty supported client protocols buffer.

Product: OpenSSL

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5535

ISC Diary: https://isc.sans.edu/diary/31438

CVE: CVE-2024-43093 - Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Product: Android Framework

CVSS Score: N/A

** KEV since 2024-11-07 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43093

NVD References:

- https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed

- https://source.android.com/security/bulletin/2024-11-01