Weekly Vulnerabilities Reports > April 22 to 28, 2024

Overview

34 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 21 products from 11 vendors including Linux, Gitlab, Apple, Cisco, and Qnap. The vulnerabilities are notably categorized as "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Classic Buffer Overflow", and "Use of Uninitialized Resource".

  • 19 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 9 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Checkmk has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-22 | CVE-2024-4040 | Crushftp | Code Injection vulnerability in Crushftp | 10.0
    A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

2024-04-24 | CVE-2024-28825 | Checkmk | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk | 9.8
    Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.

2024-04-22 | CVE-2024-27348 | Apache | Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0 | 9.8
    RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and enable the Auth system, which fixes the issue.

16 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-26 | CVE-2023-50361 | Qnap | Unspecified vulnerability in Qnap QTS and Quts Hero | 8.8
    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

2024-04-26 | CVE-2023-50362 | Qnap | Unspecified vulnerability in Qnap QTS and Quts Hero | 8.8
    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

2024-04-26 | CVE-2023-50364 | Qnap | Unspecified vulnerability in Qnap QTS and Quts Hero | 8.8
    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

2024-04-25 | CVE-2024-4024 | Gitlab | Improper Authentication vulnerability in Gitlab | 8.8
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1.

2024-04-23 | CVE-2024-4071 | Aditya88 | Unspecified vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0 | 8.8
    A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical.

2024-04-24 | CVE-2024-20353 | Cisco | Infinite Loop vulnerability in Cisco Adaptive Security Appliance Software | 8.6
    A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header.

2024-04-26 | CVE-2023-50363 | Qnap | Unspecified vulnerability in Qnap QTS and Quts Hero | 8.1
    An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions.

2024-04-25 | CVE-2024-2434 | Gitlab | Path Traversal vulnerability in Gitlab | 8.1
    An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

2024-04-28 | CVE-2022-48655 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains. Accessing reset domain descriptors by index, upon SCMI driver requests through the SCMI reset operations interface, can potentially lead to out-of-bounds violations if the SCMI driver misbehaves. Add an internal consistency check before any such domain descriptor accesses.

2024-04-28 | CVE-2022-48657 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup(). cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

2024-04-28 | CVE-2022-48658 | Linux | Unspecified vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all flush_cpu_slab() invocations to the global workqueue to avoid a problem related with deactivate_slab()/__free_slab() being called from an IRQ context on PREEMPT_RT kernels. When the flush_all_cpu_locked() function is called from a task context it may happen that a workqueue with WQ_MEM_RECLAIM bit set ends up flushing the global workqueue, this will cause a dependency issue. workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core] is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120 Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core] RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Call Trace: __flush_work.isra.0+0xbf/0x220 ? __queue_work+0x1dc/0x420 flush_all_cpus_locked+0xfb/0x120 __kmem_cache_shutdown+0x2b/0x320 kmem_cache_destroy+0x49/0x100 bioset_exit+0x143/0x190 blk_release_queue+0xb9/0x100 kobject_cleanup+0x37/0x130 nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc] nvme_free_ctrl+0x1ac/0x2b0 [nvme_core] Fix this bug by creating a workqueue for the flush operation with the WQ_MEM_RECLAIM bit set.

2024-04-28 | CVE-2022-48662 | Linux | Unspecified vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection. i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration.

2024-04-26 | CVE-2022-48611 | Apple | Unspecified vulnerability in Apple Itunes | 7.8
    A logic issue was addressed with improved checks.

2024-04-25 | CVE-2024-2829 | Gitlab | Unspecified vulnerability in Gitlab | 7.5
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1.

2024-04-24 | CVE-2024-20313 | Cisco | Classic Buffer Overflow vulnerability in Cisco IOS XE | 7.4
    A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

2024-04-24 | CVE-2024-27791 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products | 7.1
    The issue was addressed with improved checks.

14 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-25 | CVE-2024-25624 | Dfir Iris | Code Injection vulnerability in Dfir-Iris Iris | 6.8
    Iris is a web collaborative platform aiming to help incident responders share technical details during investigations.

2024-04-24 | CVE-2024-20358 | Cisco | OS Command Injection vulnerability in Cisco Adaptive Security Appliance Software | 6.7
    A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges.

2024-04-24 | CVE-2024-23271 | Apple | Unspecified vulnerability in Apple products | 6.5
    A logic issue was addressed with improved checks.

2024-04-24 | CVE-2024-20359 | Cisco | Code Injection vulnerability in Cisco Adaptive Security Appliance Software | 6.0
    A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges.

2024-04-28 | CVE-2022-48654 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find(). nf_osf_find() incorrectly returns true on mismatch; this leads to copying an uninitialized memory area in nft_osf, which can be used to leak stale kernel stack data to userspace.

2024-04-28 | CVE-2022-48656 | Linux | Memory Leak vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get(). We should call of_node_put() for the reference returned by of_parse_phandle() in the failure path or when it is not used anymore. Here we only need to move the of_node_put() before the check.

2024-04-28 | CVE-2022-48659 | Linux | Unspecified vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails. In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory; if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335 kmem_cache_create+0x1c/0x28 mm/slab_common.c:390 f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline] f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808 f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149 mount_bdev+0x1b8/0x210 fs/super.c:1400 f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512 legacy_get_tree+0x30/0x74 fs/fs_context.c:610 vfs_get_tree+0x40/0x140 fs/super.c:1530 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040 path_mount+0x358/0x914 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568

2024-04-28 | CVE-2022-48660 | Linux | Unspecified vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully. When running a gpio test on the nxp-ls1028 platform with the command "gpiomon --num-events=3 --rising-edge gpiochip1 25", there will be a warning trace as below: Call trace: free_irq+0x204/0x360 lineevent_free+0x64/0x70 gpio_ioctl+0x598/0x6a0 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x5c/0x130 ...... el0t_64_sync+0x1a0/0x1a4. The reason for this issue is that the call to request_threaded_irq() failed, and then lineevent_free() is invoked to release the resource.

2024-04-28 | CVE-2022-48661 | Linux | Improper Resource Shutdown or Release vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when registering a chip. If creation of the software node fails, the locally allocated string array is left unfreed.

2024-04-24 | CVE-2024-2404 | Utopique | Cross-site Scripting vulnerability in Utopique Better Comments | 5.4
    The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.

2024-04-23 | CVE-2024-4072 | Aditya88 | Cross-site Scripting vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0 | 5.4
    A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0.

2024-04-23 | CVE-2024-4073 | Aditya88 | Unspecified vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0 | 5.4
    A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0.

2024-04-25 | CVE-2024-1347 | Gitlab | Unspecified vulnerability in Gitlab | 5.3
    An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1.

2024-04-25 | CVE-2024-4006 | Gitlab | Incorrect Authorization vulnerability in Gitlab | 4.3
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1, where personal access token scopes were not honored by GraphQL subscriptions.

1 Low Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-24 | CVE-2024-23228 | Apple | Unspecified vulnerability in Apple Ipados | 3.3
    This issue was addressed through improved state management.