Weekly Vulnerabilities Reports > April 22 to 28, 2024

Overview

34 new vulnerabilities were reported during this period, including 3 critical and 14 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 11 products from 7 vendors, including Linux, Cisco, Qnap, Aditya88, and Apache. The vulnerabilities are notably categorized as "Cross-site Scripting", "Stack-based Buffer Overflow", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Resource Shutdown or Release", and "Code Injection".

  • 20 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 8 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


3 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-22 | CVE-2024-4040 | Crushftp | Code Injection vulnerability in Crushftp | 10.0
    A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
2024-04-27 | CVE-2024-3342 | - | - | 9.9
    The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
2024-04-22 | CVE-2024-27348 | Apache | Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0 | 9.8
    RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

14 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-26 | CVE-2023-50361 | Qnap | Stack-based Buffer Overflow vulnerability in Qnap QTS and Quts Hero | 8.8
    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.
2024-04-26 | CVE-2023-50362 | Qnap | Stack-based Buffer Overflow vulnerability in Qnap QTS and Quts Hero | 8.8
    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.
2024-04-26 | CVE-2023-50364 | Qnap | Heap-based Buffer Overflow vulnerability in Qnap QTS and Quts Hero | 8.8
    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.
2024-04-23 | CVE-2024-4071 | Aditya88 | SQL Injection vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0 | 8.8
    A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical.
2024-04-24 | CVE-2024-20353 | Cisco | Infinite Loop vulnerability in Cisco Adaptive Security Appliance Software | 8.6
    A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header.
2024-04-26 | CVE-2023-50363 | Qnap | Incorrect Authorization vulnerability in Qnap QTS and Quts Hero | 8.1
    An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions.
2024-04-25 | CVE-2024-22373 | - | - | 8.1
    An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23.
2024-04-28 | CVE-2022-48655 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains. Accessing reset domain descriptors by index upon SCMI driver requests through the SCMI reset operations interface can potentially lead to out-of-bounds violations if the SCMI driver misbehaves. Add an internal consistency check before any such domain descriptor accesses.
2024-04-28 | CVE-2022-48657 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup(). cpufreq_get_hw_max_freq() returns the max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying the max frequency by 1000 can potentially result in overflow; multiplying by 1000ULL instead should avoid that. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
2024-04-28 | CVE-2022-48658 | Linux | Unspecified vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all flush_cpu_slab() invocations to the global workqueue to avoid a problem related with deactivate_slab()/__free_slab() being called from an IRQ context on PREEMPT_RT kernels. When the flush_all_cpu_locked() function is called from a task context it may happen that a workqueue with the WQ_MEM_RECLAIM bit set ends up flushing the global workqueue; this will cause a dependency issue. workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core] is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120 Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core] RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Call Trace: __flush_work.isra.0+0xbf/0x220 ? __queue_work+0x1dc/0x420 flush_all_cpus_locked+0xfb/0x120 __kmem_cache_shutdown+0x2b/0x320 kmem_cache_destroy+0x49/0x100 bioset_exit+0x143/0x190 blk_release_queue+0xb9/0x100 kobject_cleanup+0x37/0x130 nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc] nvme_free_ctrl+0x1ac/0x2b0 [nvme_core] Fix this bug by creating a workqueue for the flush operation with the WQ_MEM_RECLAIM bit set.
2024-04-28 | CVE-2022-48662 | Linux | Unspecified vulnerability in Linux Kernel | 7.8
    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection. i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration.
2024-04-25 | CVE-2024-22391 | - | - | 7.7
    A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23.
2024-04-23 | CVE-2024-28130 | - | - | 7.5
    An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8.
2024-04-24 | CVE-2024-20313 | Cisco | Classic Buffer Overflow vulnerability in Cisco IOS XE | 7.4
    A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

16 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-24 | CVE-2024-20358 | Cisco | OS Command Injection vulnerability in Cisco Adaptive Security Appliance Software | 6.7
    A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges.
2024-04-23 | CVE-2024-3911 | - | - | 6.5
    An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.
2024-04-27 | CVE-2024-3309 | - | - | 6.4
    The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping.
2024-04-27 | CVE-2024-2838 | - | - | 6.4
    The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function.
2024-04-24 | CVE-2024-20359 | Cisco | Code Injection vulnerability in Cisco Adaptive Security Appliance Software | 6.0
    A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges.
2024-04-28 | CVE-2022-48654 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find(). nf_osf_find() incorrectly returns true on mismatch; this leads to copying an uninitialized memory area in nft_osf, which can be used to leak stale kernel stack data to userspace.
2024-04-28 | CVE-2022-48656 | Linux | Memory Leak vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get(). We should call of_node_put() for the reference returned by of_parse_phandle() in the fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check.
2024-04-28 | CVE-2022-48659 | Linux | Unspecified vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails. In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory; if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335 kmem_cache_create+0x1c/0x28 mm/slab_common.c:390 f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline] f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808 f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149 mount_bdev+0x1b8/0x210 fs/super.c:1400 f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512 legacy_get_tree+0x30/0x74 fs/fs_context.c:610 vfs_get_tree+0x40/0x140 fs/super.c:1530 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040 path_mount+0x358/0x914 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568
2024-04-28 | CVE-2022-48660 | Linux | Unspecified vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully. When running the gpio test on the nxp-ls1028 platform with the command gpiomon --num-events=3 --rising-edge gpiochip1 25 there will be a warning trace as below: Call trace: free_irq+0x204/0x360 lineevent_free+0x64/0x70 gpio_ioctl+0x598/0x6a0 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x5c/0x130 ...... el0t_64_sync+0x1a0/0x1a4 The reason for this issue is that calling the request_threaded_irq() function failed, and then lineevent_free() is invoked to release the resource.
2024-04-28 | CVE-2022-48661 | Linux | Improper Resource Shutdown or Release vulnerability in Linux Kernel | 5.5
    In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when registering a chip. If creation of the software node fails, the locally allocated string array is left unfreed.
2024-04-23 | CVE-2024-1241 | - | - | 5.5
    Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver.
2024-04-23 | CVE-2024-2760 | - | - | 5.5
    Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver.
2024-04-24 | CVE-2024-2404 | Utopique | Cross-site Scripting vulnerability in Utopique Better Comments | 5.4
    The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.
2024-04-23 | CVE-2024-4072 | Aditya88 | Cross-site Scripting vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0 | 5.4
    A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0.
2024-04-23 | CVE-2024-4073 | Aditya88 | Cross-site Scripting vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0 | 5.4
    A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0.
2024-04-27 | CVE-2024-2258 | - | - | 4.4
    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping.

1 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2024-04-27 | CVE-2024-3034 | - | - | 2.7
    The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter.