SecuriTricks - 2024-06-27

Title	Published	Tags	Description	Number of indicators
GrimResource - Microsoft Management Console for initial access and evasion	June 27, 2024, 5:02 p.m.	cobalt strike execution vbscript jscript 2024-06-27 msc file mmc console grimresource console pastaloader windows script	A novel, in-the-wild code execution technique leveraging Microsoft Management Console files (MSC) has been identified by Elastic …	3
Polyfill supply chain attack hits 100K+ sites	June 27, 2024, 12:32 p.m.	malvertising supply chain 2024-06-27 polyfill.js redirection	A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into …	7
New InnoSetup Malware Created Upon Each Download Attempt	June 27, 2024, 9:34 a.m.	obfuscation 2024-06-27 stealc lu0bot dga innosetup multistagepayload	A security intelligence report describing a new malware distribution technique where malicious code is dynamically generated for …	32
DBatLoader Distributed via CMD Files	June 27, 2024, 9:26 a.m.	stealthy obfuscation phishing 2024-06-27 downloader dbatloader modiloader	A cybersecurity analysis has identified a malicious operation involving the distribution of a downloader, dubbed DBatLoader or Mo…	0
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer	June 27, 2024, 8:14 a.m.	ransomware rootkit worm cryptominer 2024-06-27 p2pinfect rsagen	P2Pinfect is a sophisticated malware that utilizes a peer-to-peer botnet for command and control. Initially appearing dormant, it…	15
Malicious npm package targets AWS users	June 27, 2024, 7:58 a.m.	backdoor supply-chain 2024-06-27 npm aws	ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked …	3

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-2973	10.0	June 27, 2024, 9:15 p.m.	Juniper Networks Session Smart Router	CWE-288 2024-06-27 CVE-2024-2973 sirt@juniper.net
CVE-2024-3330	9.9	June 27, 2024, 7:15 p.m.	Spotfire Analyst	security@tibco.com 2024-06-27 CVE-2024-3330
CVE-2024-0947	9.8	June 27, 2024, 10:15 a.m.	Elektraweb	iletisim@usom.gov.tr 2024-06-27 CVE-2024-0947 CWE-565
CVE-2024-0949	9.8	June 27, 2024, 10:15 a.m.	Elektraweb	iletisim@usom.gov.tr CWE-1390 2024-06-27 CVE-2024-0949
CVE-2024-5751	9.8	June 27, 2024, 7:15 p.m.	litellm	CWE-94 security@huntr.dev 2024-06-27 CVE-2024-5751
CVE-2024-5826	9.8	June 27, 2024, 7:15 p.m.	vanna-ai/vanna	CWE-94 security@huntr.dev 2024-06-27 CVE-2024-5826
CVE-2024-6127	9.8	June 27, 2024, 8:15 p.m.	BC Security Empire	CWE-22 disclosure@vulncheck.com 2024-06-27 CVE-2024-6127
CVE-2024-5655	9.6	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-284 cve@gitlab.com 2024-06-27 CVE-2024-5655
CVE-2024-5980	9.1	June 27, 2024, 7:15 p.m.	pytorch-lightning	CWE-434 security@huntr.dev 2024-06-27 CVE-2024-5980
CVE-2024-6054	8.8	June 27, 2024, 3:15 a.m.	Auto Featured Image plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-6054
CVE-2024-1107	8.8	June 27, 2024, 1:15 p.m.	Talya Informatics Travel APPS	CWE-639 iletisim@usom.gov.tr 2024-06-27 CVE-2024-1107
CVE-2024-4901	8.7	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-79 cve@gitlab.com 2024-06-27 CVE-2024-4901
CVE-2024-5885	8.6	June 27, 2024, 7:15 p.m.	quivr	security@huntr.dev CWE-918 2024-06-27 CVE-2024-5885
CVE-2024-6085	8.6	June 27, 2024, 7:15 p.m.	lollms package	CWE-22 security@huntr.dev 2024-06-27 CVE-2024-6085
CVE-2023-30997	8.4	June 27, 2024, 7:15 p.m.	IBM Security Access Manager Docker	psirt@us.ibm.com CWE-250 2024-06-27 CVE-2023-30997
CVE-2023-30998	8.4	June 27, 2024, 7:15 p.m.	IBM Security Access Manager Docker	psirt@us.ibm.com CWE-250 2024-06-27 CVE-2023-30998
CVE-2024-4578	8.4	June 27, 2024, 7:15 p.m.	Arista Wireless Access Points	CWE-77 2024-06-27 CVE-2024-4578 psirt@arista.com
CVE-2024-35260	8.0	June 27, 2024, 6:15 p.m.	Microsoft Dataverse	secure@microsoft.com CWE-426 2024-06-27 CVE-2024-35260
CVE-2024-22232	7.7	June 27, 2024, 7:15 a.m.	SaltStack	security@vmware.com 2024-06-27 CVE-2024-22232
CVE-2024-5820	7.6	June 27, 2024, 7:15 p.m.	UNKNOWN	CWE-862 security@huntr.dev 2024-06-27 CVE-2024-5820
CVE-2024-6323	7.5	June 27, 2024, 12:15 a.m.	GitLab EE	cve@gitlab.com 2024-06-27 CVE-2024-6323 CWE-653
CVE-2024-31916	7.5	June 27, 2024, 6:15 p.m.	IBM OpenBMC	psirt@us.ibm.com CWE-288 2024-06-27 CVE-2024-31916
CVE-2024-5334	7.5	June 27, 2024, 6:15 p.m.	GitHub repository stitionai/devika	security@huntr.dev CWE-73 2024-06-27 CVE-2024-5334
CVE-2024-5547	7.5	June 27, 2024, 6:15 p.m.	GitHub repository stitionai/devika	security@huntr.dev CWE-23 2024-06-27 CVE-2024-5547
CVE-2024-5548	7.5	June 27, 2024, 6:15 p.m.	GitHub repository stitionai/devika	CWE-22 security@huntr.dev 2024-06-27 CVE-2024-5548
CVE-2023-38370	7.5	June 27, 2024, 7:15 p.m.	IBM Security Access Manager Docker	psirt@us.ibm.com CWE-276 2024-06-27 CVE-2023-38370
CVE-2024-3043	7.5	June 27, 2024, 7:15 p.m.	Zigbee	product-security@silabs.com 2024-06-27 CVE-2024-3043 CWE-829
CVE-2024-5979	7.5	June 27, 2024, 7:15 p.m.	h2o-3	CWE-400 security@huntr.dev 2024-06-27 CVE-2024-5979
CVE-2024-6038	7.5	June 27, 2024, 7:15 p.m.	gaizhenbiao/chuanhuchatgpt	security@huntr.dev 2024-06-27 CVE-2024-6038 CWE-625
CVE-2024-6090	7.5	June 27, 2024, 7:15 p.m.	gaizhenbiao/chuanhuchatgpt	CWE-400 security@huntr.dev 2024-06-27 CVE-2024-6090
CVE-2024-6250	7.5	June 27, 2024, 7:15 p.m.	parisneo/lollms-webui	CWE-36 security@huntr.dev 2024-06-27 CVE-2024-6250
CVE-2024-38523	7.5	June 27, 2024, 8:15 p.m.	Hush Line	security-advisories@github.com CWE-287 2024-06-27 CVE-2024-38523
CVE-2024-5714	7.4	June 27, 2024, 7:15 p.m.	lunary-ai/lunary	CWE-284 security@huntr.dev 2024-06-27 CVE-2024-5714
CVE-2024-5824	7.4	June 27, 2024, 7:15 p.m.	parisneo/lollms	CWE-22 security@huntr.dev 2024-06-27 CVE-2024-5824
CVE-2024-6371	7.3	June 27, 2024, 1:16 p.m.	Pool of Bethesda Online Reservation System	CWE-89 cna@vuldb.com 2024-06-27 CVE-2024-6371
CVE-2024-6373	7.3	June 27, 2024, 1:16 p.m.	itsourcecode Online Food Ordering System	CWE-434 cna@vuldb.com 2024-06-27 CVE-2024-6373
CVE-2024-5822	7.3	June 27, 2024, 7:15 p.m.	gaizhenbiao/ChuanhuChatGPT	security@huntr.dev CWE-918 2024-06-27 CVE-2024-5822
CVE-2024-6139	7.3	June 27, 2024, 7:15 p.m.	parisneo/lollms	security@huntr.dev CWE-29 2024-06-27 CVE-2024-6139
CVE-2024-5430	6.8	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-284 cve@gitlab.com 2024-06-27 CVE-2024-5430
CVE-2024-3331	6.8	June 27, 2024, 7:15 p.m.	Spotfire Enterprise Runtime for R - Server Edition	security@tibco.com 2024-06-27 CVE-2024-3331
CVE-2024-22260	6.8	June 27, 2024, 9:15 p.m.	VMware Workspace One UEM	security@vmware.com 2024-06-27 CVE-2024-22260
CVE-2024-1493	6.5	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-400 cve@gitlab.com 2024-06-27 CVE-2024-1493
CVE-2024-3959	6.5	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-285 cve@gitlab.com 2024-06-27 CVE-2024-3959
CVE-2024-4557	6.5	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-400 cve@gitlab.com 2024-06-27 CVE-2024-4557
CVE-2024-3017	6.5	June 27, 2024, 7:15 p.m.	OpenThread Border Router	CWE-119 product-security@silabs.com 2024-06-27 CVE-2024-3017
CVE-2024-5289	6.4	June 27, 2024, 3:15 a.m.	Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-5289
CVE-2024-4569	6.4	June 27, 2024, 4:15 a.m.	Elementor Addon Elements plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-4569
CVE-2024-4570	6.4	June 27, 2024, 4:15 a.m.	Elementor Addon Elements plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-4570
CVE-2024-5601	6.4	June 27, 2024, 8:15 a.m.	Create by Mediavine plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-5601
CVE-2024-4983	6.4	June 27, 2024, 9:15 a.m.	The Plus Addons for Elementor	security@wordfence.com 2024-06-27 CVE-2024-4983
CVE-2024-6262	6.4	June 27, 2024, 11:15 a.m.	Portfolio Gallery - Image Gallery Plugin plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-6262
CVE-2024-6372	6.3	June 27, 2024, 1:16 p.m.	Tailoring Management System	CWE-89 cna@vuldb.com 2024-06-27 CVE-2024-6372
CVE-2023-30430	6.2	June 27, 2024, 4:15 p.m.	IBM Security Verify Access	psirt@us.ibm.com CWE-532 2024-06-27 CVE-2023-30430
CVE-2023-38368	6.2	June 27, 2024, 7:15 p.m.	IBM Security Access Manager Docker	psirt@us.ibm.com CWE-276 2024-06-27 CVE-2023-38368
CVE-2024-5933	6.1	June 27, 2024, 7:15 p.m.	UNKNOWN	CWE-79 security@huntr.dev 2024-06-27 CVE-2024-5933
CVE-2024-6388	5.9	June 27, 2024, 4:15 p.m.	Ubuntu Advantage Desktop Daemon	security@ubuntu.com CWE-497 2024-06-27 CVE-2024-6388
CVE-2023-38371	5.9	June 27, 2024, 6:15 p.m.	IBM Security Access Manager Docker	psirt@us.ibm.com CWE-327 2024-06-27 CVE-2023-38371
CVE-2024-6283	5.4	June 27, 2024, 5:15 a.m.	DethemeKit For Elementor plugin for WordPress	security@wordfence.com 2024-06-27 CVE-2024-6283
CVE-2023-42014	5.4	June 27, 2024, 6:15 p.m.	IBM Sterling B2B Integrator Standard Edition	CWE-79 psirt@us.ibm.com 2024-06-27 CVE-2023-42014
CVE-2024-5935	5.4	June 27, 2024, 7:15 p.m.	imartinez/privategpt	CWE-352 security@huntr.dev 2024-06-27 CVE-2024-5935
CVE-2024-1816	5.3	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-400 cve@gitlab.com 2024-06-27 CVE-2024-1816
CVE-2024-2191	5.3	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-284 cve@gitlab.com 2024-06-27 CVE-2024-2191
CVE-2024-31883	5.3	June 27, 2024, 4:15 p.m.	IBM Security Verify Access	psirt@us.ibm.com CWE-703 2024-06-27 CVE-2024-31883
CVE-2024-5710	5.3	June 27, 2024, 7:15 p.m.	berriai/litellm	CWE-284 security@huntr.dev 2024-06-27 CVE-2024-5710
CVE-2024-5755	5.3	June 27, 2024, 7:15 p.m.	lunary-ai/lunary	security@huntr.dev CWE-821 2024-06-27 CVE-2024-5755
CVE-2024-6086	5.3	June 27, 2024, 7:15 p.m.	lunary-ai/lunary	CWE-284 security@huntr.dev 2024-06-27 CVE-2024-6086
CVE-2024-22276	5.3	June 27, 2024, 9:15 p.m.	VMware Cloud Director Object Storage Extension	security@vmware.com 2024-06-27 CVE-2024-22276
CVE-2024-22231	5.0	June 27, 2024, 7:15 a.m.	Salt	security@vmware.com 2024-06-27 CVE-2024-22231
CVE-2024-22272	4.9	June 27, 2024, 9:15 p.m.	VMware Cloud Director	security@vmware.com 2024-06-27 CVE-2024-22272
CVE-2024-35153	4.8	June 27, 2024, 6:15 p.m.	IBM WebSphere Application Server	CWE-79 psirt@us.ibm.com 2024-06-27 CVE-2024-35153
CVE-2024-3115	4.3	June 27, 2024, 12:15 a.m.	GitLab EE	CWE-200 cve@gitlab.com 2024-06-27 CVE-2024-3115
CVE-2024-1153	4.3	June 27, 2024, 2:15 p.m.	Talya Informatics Travel APPS	CWE-284 iletisim@usom.gov.tr 2024-06-27 CVE-2024-1153
CVE-2023-42011	4.3	June 27, 2024, 6:15 p.m.	IBM Sterling B2B Integrator Standard Edition	psirt@us.ibm.com 2024-06-27 CVE-2023-42011 CWE-1021
CVE-2024-5936	4.3	June 27, 2024, 7:15 p.m.	imartinez/privategpt	CWE-601 security@huntr.dev 2024-06-27 CVE-2024-5936
CVE-2024-6367	3.5	June 27, 2024, 12:15 p.m.	LabVantage LIMS	CWE-79 cna@vuldb.com 2024-06-27 CVE-2024-6367
CVE-2024-6368	3.5	June 27, 2024, 12:15 p.m.	LabVantage LIMS	CWE-79 cna@vuldb.com 2024-06-27 CVE-2024-6368
CVE-2024-6369	3.5	June 27, 2024, 12:15 p.m.	LabVantage LIMS	CWE-79 cna@vuldb.com 2024-06-27 CVE-2024-6369
CVE-2024-6370	3.5	June 27, 2024, 12:15 p.m.	LabVantage LIMS	CWE-79 cna@vuldb.com 2024-06-27 CVE-2024-6370
CVE-2024-6374	3.5	June 27, 2024, 2:15 p.m.	lahirudanushka School Management System	CWE-79 cna@vuldb.com 2024-06-27 CVE-2024-6374
CVE-2024-4011	3.1	June 27, 2024, 12:15 a.m.	GitLab CE/EE	CWE-284 cve@gitlab.com 2024-06-27 CVE-2024-4011
CVE-2024-1330	None	June 27, 2024, 6:15 a.m.	kadence-blocks-pro WordPress plugin	contact@wpscan.com 2024-06-27 CVE-2024-1330
CVE-2024-3111	None	June 27, 2024, 6:15 a.m.	Interactive Content WordPress plugin	contact@wpscan.com 2024-06-27 CVE-2024-3111
CVE-2024-4664	None	June 27, 2024, 6:15 a.m.	WP Chat App WordPress plugin	contact@wpscan.com 2024-06-27 CVE-2024-4664
CVE-2024-4704	None	June 27, 2024, 6:15 a.m.	Contact Form 7 WordPress plugin	contact@wpscan.com 2024-06-27 CVE-2024-4704
CVE-2023-7270	None	June 27, 2024, 10:15 a.m.	SoftMaker Office	551230f0-3615-47bd-b7cc-93e92e730bbf 2024-06-27 CVE-2023-7270
CVE-2024-5535	None	June 27, 2024, 11:15 a.m.	OpenSSL	CWE-200 openssl-security@openssl.org 2024-06-27 CVE-2024-5535
CVE-2024-38515	None	June 27, 2024, 1:16 p.m.	UNKNOWN	security-advisories@github.com 2024-06-27 CVE-2024-38515
CVE-2024-39153	None	June 27, 2024, 2:15 p.m.	idccms	cve@mitre.org 2024-06-27 CVE-2024-39153
CVE-2024-39154	None	June 27, 2024, 2:15 p.m.	idccms	cve@mitre.org 2024-06-27 CVE-2024-39154
CVE-2024-39155	None	June 27, 2024, 2:15 p.m.	idccms	cve@mitre.org 2024-06-27 CVE-2024-39155
CVE-2024-39156	None	June 27, 2024, 2:15 p.m.	idccms	cve@mitre.org 2024-06-27 CVE-2024-39156
CVE-2024-39157	None	June 27, 2024, 2:15 p.m.	idccms	cve@mitre.org 2024-06-27 CVE-2024-39157
CVE-2024-39158	None	June 27, 2024, 2:15 p.m.	idccms	cve@mitre.org 2024-06-27 CVE-2024-39158
CVE-2024-28820	None	June 27, 2024, 4:15 p.m.	openvpn-auth-ldap	cve@mitre.org 2024-06-27 CVE-2024-28820
CVE-2024-39373	None	June 27, 2024, 4:15 p.m.	TELSAT marKoni FM Transmitters	ics-cert@hq.dhs.gov CWE-77 2024-06-27 CVE-2024-39373
CVE-2024-39374	None	June 27, 2024, 4:15 p.m.	TELSAT marKoni FM Transmitters	CWE-798 ics-cert@hq.dhs.gov 2024-06-27 CVE-2024-39374
CVE-2024-39375	None	June 27, 2024, 4:15 p.m.	TELSAT marKoni FM Transmitters	ics-cert@hq.dhs.gov 2024-06-27 CVE-2024-39375 CWE-603
CVE-2024-39376	None	June 27, 2024, 4:15 p.m.	TELSAT marKoni FM Transmitters	CWE-284 ics-cert@hq.dhs.gov 2024-06-27 CVE-2024-39376
CVE-2024-39669	None	June 27, 2024, 4:15 p.m.	Soffid IAM	cve@mitre.org 2024-06-27 CVE-2024-39669
CVE-2024-24792	None	June 27, 2024, 6:15 p.m.	Go programming language	security@golang.org 2024-06-27 CVE-2024-24792
CVE-2024-2882	None	June 27, 2024, 7:15 p.m.	UNKNOWN	CWE-862 ics-cert@hq.dhs.gov 2024-06-27 CVE-2024-2882
CVE-2024-31802	None	June 27, 2024, 8:15 p.m.	DESIGNA ABACUS	cve@mitre.org 2024-06-27 CVE-2024-31802
CVE-2024-39129	None	June 27, 2024, 8:15 p.m.	DumpTS	cve@mitre.org 2024-06-27 CVE-2024-39129
CVE-2024-39130	None	June 27, 2024, 8:15 p.m.	DumpTS	cve@mitre.org 2024-06-27 CVE-2024-39130
CVE-2024-39133	None	June 27, 2024, 8:15 p.m.	zziplib	cve@mitre.org 2024-06-27 CVE-2024-39133
CVE-2024-39207	None	June 27, 2024, 8:15 p.m.	lua-shmem	cve@mitre.org 2024-06-27 CVE-2024-39207
CVE-2024-39208	None	June 27, 2024, 8:15 p.m.	luci-app-lucky	cve@mitre.org 2024-06-27 CVE-2024-39208
CVE-2024-36072	None	June 27, 2024, 9:15 p.m.	Netwrix CoSoSys Endpoint Protector	cve@mitre.org 2024-06-27 CVE-2024-36072
CVE-2024-36073	None	June 27, 2024, 9:15 p.m.	Netwrix CoSoSys Endpoint Protector	cve@mitre.org 2024-06-27 CVE-2024-36073
CVE-2024-36074	None	June 27, 2024, 9:15 p.m.	Netwrix CoSoSys Endpoint Protector	cve@mitre.org 2024-06-27 CVE-2024-36074
CVE-2024-36075	None	June 27, 2024, 9:15 p.m.	CoSoSys Unify	cve@mitre.org 2024-06-27 CVE-2024-36075
CVE-2024-36755	None	June 27, 2024, 9:15 p.m.	D-Link DIR-1950	cve@mitre.org 2024-06-27 CVE-2024-36755
CVE-2024-39132	None	June 27, 2024, 9:15 p.m.	DumpTS	cve@mitre.org 2024-06-27 CVE-2024-39132
CVE-2024-39134	None	June 27, 2024, 9:15 p.m.	zziplib	cve@mitre.org 2024-06-27 CVE-2024-39134
CVE-2024-39209	None	June 27, 2024, 9:15 p.m.	UNKNOWN	cve@mitre.org 2024-06-27 CVE-2024-39209
CVE-2024-5642	None	June 27, 2024, 9:15 p.m.	CPython	cna@python.org 2024-06-27 CVE-2024-5642
CVE-2023-52892	None	June 27, 2024, 10:15 p.m.	phpseclib	cve@mitre.org 2024-06-27 CVE-2023-52892
CVE-2024-36059	None	June 27, 2024, 10:15 p.m.	Kalkitech ASE ASE61850 IEDSmart	cve@mitre.org 2024-06-27 CVE-2024-36059
CVE-2024-39705	None	June 27, 2024, 10:15 p.m.	NLTK	cve@mitre.org 2024-06-27 CVE-2024-39705
CVE-2024-4395	None	June 27, 2024, 10:15 p.m.	Jamf Compliance Editor	2024-06-27 CVE-2024-4395 67325c3f-c596-46c5-a235-e1a1e73abe4e

» Click here to see all Vulnerabilities «

Tag : 2024-06-27

Attack Reports

Vulnerabilities