{"id":327,"date":"2024-08-12T14:47:07","date_gmt":"2024-08-12T14:47:07","guid":{"rendered":"https:\/\/danefenner.com\/?p=327"},"modified":"2024-08-12T15:25:54","modified_gmt":"2024-08-12T15:25:54","slug":"cybersecurity-updates-vulnerabilities-august-5-11-2024","status":"publish","type":"post","link":"https:\/\/danefenner.com\/?p=327","title":{"rendered":"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024"},"content":{"rendered":"\n<p><mark style=\"background-color:#8ed1fc\" class=\"has-inline-color has-black-color\"><strong>Zero Day Vulnerabilities<\/strong> <\/mark><\/p>\n\n\n\n<p><strong>Microsoft Exchange Server Remote Code Execution | <a href=\"https:\/\/thehackernews.com\/2024\/08\/microsoft-warns-of-unpatched-office.html\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-38200<\/a><\/strong>: A critical RCE vulnerability in Microsoft Exchange Server allows attackers to execute arbitrary code remotely, compromising the server and accessing sensitive information\u200b.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:#f71818\" class=\"has-inline-color\">Critical Severity Vulnerabilities<\/mark><\/strong><\/p>\n\n\n\n<p><strong>ServiceNow Remote Code Execution (RCE) Vulnerabilities<\/strong> | <a href=\"https:\/\/www.fortiguard.com\/outbreak-alert\/servicenow-rce#:~:text=It%20recently%20has%20disclosed%20three,Washington%20DC%20Now%20platform%20releases.\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-4879, CVE-2024-5217, CVE-2024-5178<\/a>: Multiple critical vulnerabilities were disclosed in ServiceNow&#8217;s platform, specifically affecting the Vancouver and Washington D.C. releases. These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code and access sensitive data. Active exploitation has been detected, with attackers chaining these vulnerabilities to compromise systems, leading to data breaches and unauthorized access to IT service desks and corporate portals. <\/p>\n\n\n\n<p><strong>Apache OFBiz Remote Code Execution (RCE) Vulnerability<\/strong> | <a href=\"https:\/\/threatprotect.qualys.com\/2024\/08\/06\/apache-ofbiz-remote-code-execution-vulnerability-cve-2024-38856\/#:~:text=Apache%20OFBiz%20Remote%20Code%20Execution%20Vulnerability%20(CVE%2D2024%2D38856),-Posted%20by%20Diksha&amp;text=Apache%20OFBiz%20is%20vulnerable%20to,a%20CVSS%20score%20of%209.8.\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-38856<\/a>: Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don&#8217;t explicitly check user&#8217;s permissions because they rely on the configuration of their endpoints).<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong><mark style=\"background-color:#f89d9d\" class=\"has-inline-color\">High Severity Vulnerabilities<\/mark><\/strong> <\/p>\n\n\n\n<p><strong>Linux Kernel Privilege Escalation<\/strong> | <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-36941\">CVE-2024-36941<\/a>: This vulnerability in the Linux kernel can allow a local user to escalate privileges, giving them unauthorized access to higher-level functions and data\u200b.<\/p>\n\n\n\n<p><strong>Microsoft COM for Windows Privilege Escalation<\/strong> |  <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-0824\">CVE-2018-0824<\/a>: A high-severity deserialization vulnerability in Microsoft COM for Windows allows for privilege escalation and potential remote code execution via crafted files or scripts.<\/p>\n\n\n\n<p><strong>Android Kernel Remote Code Execution<\/strong> | <a href=\"https:\/\/www.mycert.org.my\/portal\/advisory?id=MA-1115.082024#:~:text=This%20vulnerability%2C%20tracked%20as%20CVE,full%20control%20of%20compromised%20devices.\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-36971<\/a>: A high-severity RCE vulnerability in the Android kernel affects devices running certain versions of the Linux Kernel. The issue allows remote attackers to execute arbitrary code.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:#ffffff\" class=\"has-inline-color\">Noteworthy Developments<\/mark><\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/la-cyber.com\/Current-Active-Threats.php\" target=\"_blank\" rel=\"noreferrer noopener\">Royal Ransomware Rebrand<\/a>: The notorious Royal Ransomware group has rebranded as \u201cBlackSuit,\u201d continuing its operations with updated tactics. While this isn&#8217;t linked to a specific CVE, it highlights ongoing risks related to ransomware attacks and the need for vigilance.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong><mark style=\"background-color:#fcb900\" class=\"has-inline-color\">Medium Severity Vulnerabilities<\/mark><\/strong><\/p>\n\n\n\n<p><strong>VMware ESXi Authentication Bypass<\/strong> | <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-37085\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-37085<\/a>: This vulnerability allows attackers to bypass authentication on VMware ESXi servers. It poses significant risks as it can enable unauthorized access to virtual machines, potentially leading to data breaches and system compromise. CISA has added this to their Known Exploited Vulnerabilities Catalog\u200b.<\/p>\n\n\n\n<p><strong>Microsoft Windows Codecs Library Information Disclosure Vulnerability<\/strong> | <a href=\"https:\/\/www.canva.com\/design\/DAGMLjF6tKg\/r1rmm3A1DjhYpQ4zQm40KA\/edit\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-38056<\/a>: This vulnerability falls under the category of CWE-125, which refers to an out-of-bounds read issue. In this paragraph, we will delve into the details of this vulnerability and its potential impact on Windows 10 users.<\/p>\n\n\n\n<p><strong>Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability<\/strong> | <a href=\"https:\/\/www.avesnetsec.com\/vulnerabilities\/cve-2024-38102\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-38102<\/a>: This vulnerability has raised concerns amongst users and cybersecurity experts due to the potential risks it poses to the security and stability of the operating system.<\/p>\n\n\n\n<p><strong>Incomplete Input Validation in SecurelyAccess API<\/strong> | <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-5178\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-5178<\/a>: This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.<\/p>\n\n\n\n<p><strong>Thermal\/drivers\/Tsens: Fix null pointer dereference<\/strong> | <a href=\"https:\/\/www.tenable.com\/plugins\/nessus\/205322\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-38571<\/a>: In the Linux kernel, the following vulnerability has been resolved: thermal\/drivers\/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null pointer dereference (if DEBUG or DYNAMIC_DEBUG set). Fix this bug by adding null pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE.<\/p>\n\n\n\n<p><strong>WordPress Login Logo Editor plugin<\/strong> | <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-37523\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-37523<\/a>: Improper Neutralization of Input During Web Page Generation (XSS or &#8216;Cross-site Scripting&#8217;) vulnerability in AMP-MODE Login Logo Editor allows Stored XSS.This issue affects Login Logo Editor: from n\/a through 1.3.3.<\/p>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zero Day Vulnerabilities Microsoft Exchange Server Remote Code Execution | CVE-2024-38200: A critical RCE vulnerability in Microsoft Exchange Server allows attackers to execute arbitrary code remotely, compromising the server and accessing sensitive information\u200b. Critical Severity Vulnerabilities ServiceNow Remote Code Execution (RCE) Vulnerabilities | CVE-2024-4879, CVE-2024-5217, CVE-2024-5178: Multiple critical vulnerabilities were disclosed in ServiceNow&#8217;s platform, specifically [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":330,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[6,25,12],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024 - Dane Fenner<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/danefenner.com\/?p=327\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024 - Dane Fenner\" \/>\n<meta property=\"og:description\" content=\"Zero Day Vulnerabilities Microsoft Exchange Server Remote Code Execution | CVE-2024-38200: A critical RCE vulnerability in Microsoft Exchange Server allows attackers to execute arbitrary code remotely, compromising the server and accessing sensitive information\u200b. Critical Severity Vulnerabilities ServiceNow Remote Code Execution (RCE) Vulnerabilities | CVE-2024-4879, CVE-2024-5217, CVE-2024-5178: Multiple critical vulnerabilities were disclosed in ServiceNow&#8217;s platform, specifically [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/danefenner.com\/?p=327\" \/>\n<meta property=\"og:site_name\" content=\"Dane Fenner\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-12T14:47:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-12T15:25:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Maria Yap\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Maria Yap\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/danefenner.com\/?p=327\",\"url\":\"https:\/\/danefenner.com\/?p=327\",\"name\":\"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024 - Dane Fenner\",\"isPartOf\":{\"@id\":\"https:\/\/danefenner.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/danefenner.com\/?p=327#primaryimage\"},\"image\":{\"@id\":\"https:\/\/danefenner.com\/?p=327#primaryimage\"},\"thumbnailUrl\":\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg\",\"datePublished\":\"2024-08-12T14:47:07+00:00\",\"dateModified\":\"2024-08-12T15:25:54+00:00\",\"author\":{\"@id\":\"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882\"},\"breadcrumb\":{\"@id\":\"https:\/\/danefenner.com\/?p=327#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/danefenner.com\/?p=327\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/danefenner.com\/?p=327#primaryimage\",\"url\":\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg\",\"contentUrl\":\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/danefenner.com\/?p=327#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/danefenner.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/danefenner.com\/#website\",\"url\":\"https:\/\/danefenner.com\/\",\"name\":\"Dane Fenner\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/danefenner.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882\",\"name\":\"Maria Yap\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/danefenner.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g\",\"caption\":\"Maria Yap\"},\"sameAs\":[\"http:\/\/mavenbymaria.com\"],\"url\":\"https:\/\/danefenner.com\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024 - Dane Fenner","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/danefenner.com\/?p=327","og_locale":"en_US","og_type":"article","og_title":"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024 - Dane Fenner","og_description":"Zero Day Vulnerabilities Microsoft Exchange Server Remote Code Execution | CVE-2024-38200: A critical RCE vulnerability in Microsoft Exchange Server allows attackers to execute arbitrary code remotely, compromising the server and accessing sensitive information\u200b. Critical Severity Vulnerabilities ServiceNow Remote Code Execution (RCE) Vulnerabilities | CVE-2024-4879, CVE-2024-5217, CVE-2024-5178: Multiple critical vulnerabilities were disclosed in ServiceNow&#8217;s platform, specifically [&hellip;]","og_url":"https:\/\/danefenner.com\/?p=327","og_site_name":"Dane Fenner","article_published_time":"2024-08-12T14:47:07+00:00","article_modified_time":"2024-08-12T15:25:54+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg","type":"image\/jpeg"}],"author":"Maria Yap","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Maria Yap","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/danefenner.com\/?p=327","url":"https:\/\/danefenner.com\/?p=327","name":"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024 - Dane Fenner","isPartOf":{"@id":"https:\/\/danefenner.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/danefenner.com\/?p=327#primaryimage"},"image":{"@id":"https:\/\/danefenner.com\/?p=327#primaryimage"},"thumbnailUrl":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg","datePublished":"2024-08-12T14:47:07+00:00","dateModified":"2024-08-12T15:25:54+00:00","author":{"@id":"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882"},"breadcrumb":{"@id":"https:\/\/danefenner.com\/?p=327#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/danefenner.com\/?p=327"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/danefenner.com\/?p=327#primaryimage","url":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg","contentUrl":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation-1.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/danefenner.com\/?p=327#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/danefenner.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Updates: Vulnerabilities,\u00a0August 5-11, 2024"}]},{"@type":"WebSite","@id":"https:\/\/danefenner.com\/#website","url":"https:\/\/danefenner.com\/","name":"Dane Fenner","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/danefenner.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882","name":"Maria Yap","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/danefenner.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g","caption":"Maria Yap"},"sameAs":["http:\/\/mavenbymaria.com"],"url":"https:\/\/danefenner.com\/?author=2"}]}},"_links":{"self":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts\/327"}],"collection":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=327"}],"version-history":[{"count":6,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts\/327\/revisions"}],"predecessor-version":[{"id":337,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts\/327\/revisions\/337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/media\/330"}],"wp:attachment":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}