Critical Severity Vulnerability
Kingsoft WPS Office Path Traversal Vulnerability | CVE-2024-7262: Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office versions ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document.
SQL injection vulnerability in Job Portal | CVE-2024-8466: A critical SQL injection vulnerability affects the Job Portal software, specifically through the CATEGORY parameter in the /jobportal/admin/category/controller.php file. Exploitation of this vulnerability allows an attacker to send specially crafted queries, potentially retrieving all information stored in the database.
FlyCASS Cockpit Access Security System (CASS) | CVE-2024-8395: A critical vulnerability affects FlyCASS CASS and KCM systems due to improper filtering of SQL queries, allowing unauthenticated external attackers to exploit it. The CVSS base score for this vulnerability is 9.8, indicating a high severity with potential impacts on confidentiality, integrity, and availability of the affected systems.
SourceCodesters Clinics Patient Management | CVE-2024-8565: A critical vulnerability was identified in the SourceCodesters Clinics Patient Management System version 2.0, specifically affecting the file /print_diseases.php, where improper processing of arguments can lead to SQL injection attacks. This security flaw allows remote attackers to manipulate input parameters without requiring authentication or user interaction.
Draytek VigorConnect | CVE-2021-20123: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Draytek VigorConnect | CVE-2021-20124: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
High Severity Vulnerability
Hoverfly arbitrary file read | CVE-2024-45388: Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach arbitrary files.
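The gap described for CVE-2024-45388 (absolute paths rejected, `../` segments not) can be shown with a containment check. This is an added example, not Hoverfly's code or its patch; the function names and the base directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// naiveResolve mirrors the weak pattern from the advisory: absolute paths are
// rejected, but "../" segments are joined onto the base without a check.
func naiveResolve(base, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", errors.New("absolute path not allowed")
	}
	return filepath.Join(base, userPath), nil
}

// safeResolve joins the path, then verifies that the cleaned result is still
// located under base. It does not resolve symlinks inside base.
func safeResolve(base, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", errors.New("absolute path not allowed")
	}
	full := filepath.Join(base, userPath) // Join also cleans the result
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path %q escapes the base directory", userPath)
	}
	return full, nil
}

func main() {
	base := "/srv/hoverfly/responses" // constructed base directory
	inputs := []string{"bodies/ok.json", "../../../etc/hostname", "a/../../secret"}
	for _, p := range inputs {
		n, _ := naiveResolve(base, p)
		s, err := safeResolve(base, p)
		fmt.Printf("%-24s naive=%-40s safe=%q err=%v\n", p, n, s, err)
	}
}
```

The comparison is done on the path relative to the base rather than with a string prefix test, so a sibling directory such as `/srv/hoverfly/responses-old` is not mistaken for being inside the base.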
@blakeembrey/template string template library | CVE-2024-45390: @blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don’t pass untrusted input as the template display name, or don’t use the display name feature.
Tina search token leak via lock file in TinaCMS | CVE-2024-45391: Tina is an open-source content management system (CMS). Sites building with Tina CMS’s command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
Cisco Smart Licensing Utility Information Disclosure Vulnerability | CVE-2024-20440: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
Medium Severity Vulnerability
Nescalante urlregex Backtracking index.js ReDoS | CVE-2024-45302: A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 addresses this issue.
Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS) | CVE-2024-45389: Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of `document.currentScript.src`. Prior to Pagefind version 1.1.1, it is possible to “clobber” this lookup with otherwise benign HTML on the page. This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies. This exploit would only work in the case that an attacker could inject HTML to a live, hosted, website.
ClamAV Privilege Handling Escalation Vulnerability | CVE-2024-20506: A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
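The missing check described for CVE-2024-20506, opening a log file without testing whether it has been replaced by a symbolic link, is illustrated below for a Unix-like system. This is an added example, not ClamAV's code or its fix; the file names are constructed and `openLogNoFollow` is a hypothetical helper.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// openLogNoFollow opens a log for appending; O_NOFOLLOW makes open(2) fail
// with ELOOP when the final path component is a symbolic link.
func openLogNoFollow(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE|syscall.O_NOFOLLOW, 0o640)
}

// demo builds the scenario in a temp dir (constructed names) and reports the
// target's content afterwards and whether the symlinked log was refused.
func demo() (content string, refused bool, err error) {
	dir, err := os.MkdirTemp("", "logdemo")
	if err != nil {
		return "", false, err
	}
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "critical.conf") // stands in for a system file
	link := filepath.Join(dir, "clamd.log")       // log path swapped for a symlink
	if err = os.WriteFile(target, []byte("keep\n"), 0o600); err != nil {
		return "", false, err
	}
	if err = os.Symlink(target, link); err != nil {
		return "", false, err
	}
	f, openErr := openLogNoFollow(link)
	if openErr == nil { // would only happen if the symlink were followed
		fmt.Fprintln(f, "daemon started")
		f.Close()
	}
	data, err := os.ReadFile(target)
	return string(data), errors.Is(openErr, syscall.ELOOP), err
}

func main() {
	content, refused, err := demo()
	fmt.Printf("refused=%v target=%q err=%v\n", refused, content, err)
}
```

`O_NOFOLLOW` only covers the last path component, so the directory holding the log should also not be writable by less-privileged users.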
SourceCodester PHP CRUD update.php SQL injection | CVE-2024-8564: A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.