Here are the CVE updates for the week of October 7th through the 13th.
Zero-day Severity Vulnerability
Qualcomm Multiple Chipsets Use-After-Free | CVE-2024-43047: is a high-severity Use-After-Free flaw in the DSP Service (CVSS Score: 7.8). This vulnerability, discovered in late July 2024, has been confirmed to be under limited, targeted exploitation in the wild, according to reports from Google Project Zero, Amnesty International Security Lab, and Google’s Threat Analysis Group (TAG).
Critical Severity Vulnerability
FlashArray Privilege Escalation | CVE-2024-3057: is a critical vulnerability affecting multiple Pure Storage FlashArray products, including models zS8bHN, zS8bHP, zS8bHO, zS8bHQ, zTkJva, and zTkJvb. The flaw allows an unauthenticated user to exploit a specific call to a FlashArray endpoint, leading to privilege escalation without any required user interaction.
Fortinet Multiple Products Format String | CVE-2024-23113: is a critical remote code execution vulnerability affecting multiple Fortinet products, including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. This vulnerability allows an unauthenticated attacker to execute arbitrary code or commands on the affected device by exploiting a format string vulnerability in the fgfmd daemon.
Mozilla Firefox Use-After-Free | CVE-2024-9680: is a critical vulnerability found in Firefox and Thunderbird, which allows attackers to execute arbitrary code by exploiting a “use-after-free” vulnerability in the animation timeline component. This flaw can potentially allow attackers to take control of affected systems. The issue has been reported to have been exploited in the wild.
Qualcomm\’s WLAN Resource Manager | CVE-2024-33066: is a memory corruption vulnerability in Qualcomm\’s WLAN Resource Manager. This vulnerability could allow an attacker to execute arbitrary code on an affected device. This vulnerability affects a wide range of devices that use Qualcomm\’s WLAN Resource Manager, including smartphones, tablets, and IoT devices.
High Severity Vulnerability
Microsoft Windows Management Console Remote Code Execution | CVE-2024-43572: is a stored cross-site scripting vulnerability affecting Nessus Network Monitor products including zF8ard, zF698m, zF8arc, zF6KNF, and zF698l. This vulnerability allows an authenticated, privileged local attacker to inject arbitrary code into the NNM user interface via the local command-line interface.
Windows Hyper-V Security Feature Bypass | CVE-2024-20659: is a Windows Hyper-V Security Feature Bypass vulnerability that affects various Hyper-V products, including multiple versions of Windows Server. This vulnerability has a high severity rating with a CVSS score of 7.1 and can lead to significant impacts on confidentiality, integrity, and availability, requiring user interaction for exploitation through an adjacent network.
Local File Inclusion in pretix-widget WordPress plugin | CVE-2024-9575: is a Local File Inclusion vulnerability affecting the pretix Widget WordPress plugin versions 1.0.0 through 1.0.5 on Windows systems, which allows for PHP Local File Inclusion attacks. This vulnerability has a high severity rating, with a CVSS base score of 8.1, indicating significant risks to confidentiality and integrity, while requiring low privileges and no user interaction for exploitation.
Ivanti Cloud Services Appliance (CSA) OS Command Injection | CVE-2024-9380: An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Medium Severity Vulnerability
Denial of Service in Solidigm SSD DC Products | CVE-2024-47971: is a vulnerability that affects certain Solidigm SSD DC products. This vulnerability could allow an attacker to execute a denial of service (DoS) attack by exploiting improper error handling in the firmware.
Improper Resource Management in Solidigm SSD DC Products | CVE-2024-47972: identifies a vulnerability in the firmware of certain Solidigm DC products due to improper resource management, which may enable an attacker to influence resource performance. The exploitability score is rated at 2.5, with a base severity classified as medium, indicating that it poses a moderate risk. This vulnerability requires no privileges or user interaction, making it potentially accessible through local attack vectors.
Path Traversal in Saltcorn | CVE-2024-47818: is a vulnerability in Saltcorn, an open-source no-code database application builder, that allows logged-in users to delete arbitrary files from the filesystem via the sync/clean_sync_dir endpoint due to insufficient validation of the dir_name POST parameter. This flaw poses a medium severity risk, with high availability impact and low privileges required for exploitation. The vulnerability can be exploited without user interaction through a network attack, and there are no known workarounds available.
Microsoft Windows MSHTML Platform Spoofing | CVE-2024-43573: is a spoofing vulnerability in the Windows MSHTML Platform. It was assigned a CVSSv3 score of 6.5 and is rated as moderate. An unauthenticated, remote attacker could exploit this vulnerability by convincing a potential target to open a malicious file.
HTTP Request Smuggling Vulnerability | CVE-2024-9622: is a vulnerability found in the resteasy-netty4 library, which arises from improper handling of HTTP requests that utilize smuggling techniques. The issue occurs when an HTTP smuggling request containing an ASCII control character is processed, causing the Netty HttpObjectDecoder to enter a BAD_MESSAGE state; this results in legitimate requests being ignored and can lead to client timeouts.
Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability | CVE-2024-9379: is an SQL Injection Vulnerability in Ivanti Cloud Services Appliance (CSA) software. This vulnerability allows a remote authenticated attacker with admin privileges to execute arbitrary SQL statements on the affected system.
Reflected Cross-Site Scripting (XSS) | CVE-2024-9670: identifies a vulnerability in the 2D Tag Cloud plugin for WordPress, which is susceptible to Reflected Cross-Site Scripting (XSS) due to improper escaping of URLs in versions up to and including 6.0.2. This flaw allows unauthenticated attackers to inject malicious scripts into web pages, potentially compromising users if they are tricked into clicking a manipulated link. Affected products include various versions of the 2D Tag Cloud plugin, and remediation involves updating the plugin to the latest version that addresses this vulnerability.
Rcode-projects Blood Bank System | CVE-2024-9894: This vulnerability can be exploited remotely, posing a risk of unauthorized access to sensitive data and potential manipulation of the database. The integrity and confidentiality impacts are rated as low, but available exploitation could allow attackers to compromise the system with minimal privileges. Organizations using this software should implement remediation measures such as input validation and parameterized queries to mitigate this risk effectively.
Access token from query string is inserted into logs in Directus | CVE-2024-47822: is a vulnerability affecting Directus, a real-time API and application dashboard for managing SQL databases. The issue arises from access tokens being exposed in system logs when the LOG_STYLE is set to raw, leading to potential unauthorized administrative access if attackers gain access to these logs.