SecuriTricks - 2024-09-23

Title	Published	Tags	Description	Number of indicators
From initial compromise to ransomware and wipers	Sept. 23, 2024, 3:29 p.m.	cobalt strike chaos 2024-09-23 facefish lockbit 3.0 shamoon	The Twelve group, formed in April 2023 amid the Russian-Ukrainian conflict, specializes in attacking Russian government organizat…	20

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-0001	10.0	Sept. 23, 2024, 6:15 p.m.	FlashArray Purity	CWE-1188 psirt@purestorage.com 2024-09-23 CVE-2024-0001
CVE-2024-0002	10.0	Sept. 23, 2024, 6:15 p.m.	FlashArray Purity	CWE-287 psirt@purestorage.com 2024-09-23 CVE-2024-0002
CVE-2024-9014	9.9	Sept. 23, 2024, 5:15 p.m.	pgAdmin	f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 CWE-522 2024-09-23 CVE-2024-9014
CVE-2024-34331	9.8	Sept. 23, 2024, 4:15 p.m.	Parallels Desktop for Mac	cve@mitre.org CWE-269 2024-09-23 CVE-2024-34331
CVE-2024-46997	9.8	Sept. 23, 2024, 4:15 p.m.	DataEase	security-advisories@github.com CWE-74 2024-09-23 CVE-2024-46997
CVE-2024-0003	9.1	Sept. 23, 2024, 6:15 p.m.	FlashArray Purity	CWE-269 psirt@purestorage.com 2024-09-23 CVE-2024-0003
CVE-2024-0004	9.1	Sept. 23, 2024, 6:15 p.m.	FlashArray Purity	CWE-94 psirt@purestorage.com 2024-09-23 CVE-2024-0004
CVE-2024-0005	9.1	Sept. 23, 2024, 6:15 p.m.	Pure Storage FlashArray	CWE-77 psirt@purestorage.com 2024-09-23 CVE-2024-0005
CVE-2024-47066	9.0	Sept. 23, 2024, 4:15 p.m.	Lobe Chat	security-advisories@github.com CWE-918 2024-09-23 CVE-2024-47066
CVE-2024-23934	8.8	Sept. 23, 2024, 3:15 p.m.	Sony XAV-AX5500	CWE-120 CWE-121 cve@asrg.io 2024-09-23 CVE-2024-23934
CVE-2024-43201	8.8	Sept. 23, 2024, 8:15 p.m.	Planet Fitness Workouts iOS App	CWE-295 9119a7d8-5eab-497f-8521-727c672e3725 2024-09-23 CVE-2024-43201
CVE-2024-41228	7.6	Sept. 23, 2024, 4:15 p.m.	AliyunContainerService pouch	cve@mitre.org CWE-269 2024-09-23 CVE-2024-41228
CVE-2024-46639	7.6	Sept. 23, 2024, 8:15 p.m.	HelpDeskZ	cve@mitre.org CWE-94 2024-09-23 CVE-2024-46639
CVE-2024-43989	7.5	Sept. 23, 2024, 12:15 a.m.	Justified Image Grid	audit@patchstack.com CWE-918 2024-09-23 CVE-2024-43989
CVE-2024-46985	7.5	Sept. 23, 2024, 4:15 p.m.	DataEase	security-advisories@github.com CWE-611 2024-09-23 CVE-2024-46985
CVE-2024-9091	7.3	Sept. 23, 2024, 12:15 a.m.	Student Record System	CWE-89 cna@vuldb.com 2024-09-23 CVE-2024-9091
CVE-2024-39842	7.2	Sept. 23, 2024, 7:15 p.m.	Centreon	cve@mitre.org CWE-89 2024-09-23 CVE-2024-39842
CVE-2024-23922	6.8	Sept. 23, 2024, 3:15 p.m.	Sony XAV-AX5500	CWE-345 cve@asrg.io 2024-09-23 CVE-2024-23922
CVE-2024-23933	6.8	Sept. 23, 2024, 3:15 p.m.	Sony XAV-AX5500 CarPlay	CWE-120 CWE-121 cve@asrg.io 2024-09-23 CVE-2024-23933
CVE-2024-23972	6.8	Sept. 23, 2024, 3:15 p.m.	Sony XAV-AX5500	CWE-120 cve@asrg.io 2024-09-23 CVE-2024-23972
CVE-2024-39843	6.7	Sept. 23, 2024, 7:15 p.m.	Centreon	cve@mitre.org CWE-89 2024-09-23 CVE-2024-39843
CVE-2024-39342	6.6	Sept. 23, 2024, 6:15 p.m.	Entrust Instant Financial Issuance (formerly known as Cardwizard)	cve@mitre.org CWE-269 2024-09-23 CVE-2024-39342
CVE-2024-44540	6.6	Sept. 23, 2024, 8:15 p.m.	Ubiquiti AirMax firmware	cve@mitre.org CWE-269 2024-09-23 CVE-2024-44540
CVE-2024-43996	6.5	Sept. 23, 2024, 1:15 a.m.	ElementsKit Pro	audit@patchstack.com CWE-22 2024-09-23 CVE-2024-43996
CVE-2024-44048	6.5	Sept. 23, 2024, 1:15 a.m.	wpWax Product Carousel Slider & Grid Ultimate for WooCommerce	audit@patchstack.com CWE-22 2024-09-23 CVE-2024-44048
CVE-2024-45348	6.4	Sept. 23, 2024, 9:15 a.m.	Xiaomi Router AX9000	CWE-77 security@xiaomi.com 2024-09-23 CVE-2024-45348
CVE-2024-9090	6.3	Sept. 23, 2024, 12:15 a.m.	Modern Loan Management System	CWE-89 cna@vuldb.com 2024-09-23 CVE-2024-9090
CVE-2024-9093	6.3	Sept. 23, 2024, 1:15 a.m.	SourceCodester Profile Registration without Reload Refresh	CWE-89 cna@vuldb.com 2024-09-23 CVE-2024-9093
CVE-2024-9094	6.3	Sept. 23, 2024, 2:15 a.m.	Blood Bank System	CWE-89 cna@vuldb.com 2024-09-23 CVE-2024-9094
CVE-2024-47068	6.1	Sept. 23, 2024, 4:15 p.m.	Rollup	security-advisories@github.com CWE-79 2024-09-23 CVE-2024-47068
CVE-2024-47069	6.1	Sept. 23, 2024, 4:15 p.m.	Contao Open Source CMS	security-advisories@github.com CWE-79 2024-09-23 CVE-2024-47069
CVE-2024-46241	5.9	Sept. 23, 2024, 1:15 p.m.	Dairy Farm Shop Management System	cve@mitre.org CWE-79 2024-09-23 CVE-2024-46241
CVE-2024-37779	5.7	Sept. 23, 2024, 8:15 p.m.	WoodWing Elvis DAM	cve@mitre.org CWE-94 2024-09-23 CVE-2024-37779
CVE-2024-7846	5.4	Sept. 23, 2024, 6:15 a.m.	YITH WooCommerce Ajax Search	contact@wpscan.com 2024-09-23 CVE-2024-7846
CVE-2023-46948	5.4	Sept. 23, 2024, 6:15 p.m.	Temenos T24 Browser	cve@mitre.org CWE-79 2024-09-23 CVE-2023-46948
CVE-2024-8903	4.7	Sept. 23, 2024, 9:15 a.m.	Acronis Cyber Protect Cloud Agent (Windows, macOS)	CWE-250 security@acronis.com 2024-09-23 CVE-2024-8903
CVE-2024-45453	3.7	Sept. 23, 2024, 1:15 a.m.	Maintenance Redirect	audit@patchstack.com CWE-290 2024-09-23 CVE-2024-45453
CVE-2024-9089	3.5	Sept. 23, 2024, 12:15 a.m.	SourceCodester Modern Loan Management System	CWE-79 cna@vuldb.com 2024-09-23 CVE-2024-9089
CVE-2024-9092	3.5	Sept. 23, 2024, 1:15 a.m.	SourceCodester Profile Registration without Reload Refresh	CWE-79 cna@vuldb.com 2024-09-23 CVE-2024-9092
CVE-2024-47227	None	Sept. 23, 2024, 4:15 a.m.	iRedAdmin	cve@mitre.org 2024-09-23 CVE-2024-47227
CVE-2024-8758	None	Sept. 23, 2024, 6:15 a.m.	Quiz and Survey Master (QSM) WordPress plugin	contact@wpscan.com 2024-09-23 CVE-2024-8758
CVE-2024-8606	None	Sept. 23, 2024, 7:15 a.m.	Checkmk	CWE-863 security@checkmk.com 2024-09-23 CVE-2024-8606
CVE-2022-48945	None	Sept. 23, 2024, 10:15 a.m.	Linux kernel	416baaa9-dc9f-4396-8d5f-8c081fb06d67 2024-09-23 CVE-2022-48945
CVE-2024-46544	None	Sept. 23, 2024, 11:15 a.m.	Apache Tomcat Connectors	security@apache.org CWE-276 2024-09-23 CVE-2024-46544
CVE-2024-7735	None	Sept. 23, 2024, 12:15 p.m.	Exnet Informatics Software Ferry Reservation System	CWE-89 iletisim@usom.gov.tr 2024-09-23 CVE-2024-7735
CVE-2024-7835	None	Sept. 23, 2024, 12:15 p.m.	Exnet Informatics Software Ferry Reservation System	CWE-79 iletisim@usom.gov.tr 2024-09-23 CVE-2024-7835
CVE-2024-40441	None	Sept. 23, 2024, 5:15 p.m.	Doccano Open source annotation tools	cve@mitre.org 2024-09-23 CVE-2024-40441
CVE-2024-40442	None	Sept. 23, 2024, 5:15 p.m.	Doccano	cve@mitre.org 2024-09-23 CVE-2024-40442
CVE-2024-39341	None	Sept. 23, 2024, 6:15 p.m.	Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard)	cve@mitre.org 2024-09-23 CVE-2024-39341
CVE-2024-47222	None	Sept. 23, 2024, 8:15 p.m.	Cloud MyOffice SDK Collaborative Editing Server	cve@mitre.org 2024-09-23 CVE-2024-47222
CVE-2024-42861	None	Sept. 23, 2024, 9:15 p.m.	linuxptp	cve@mitre.org 2024-09-23 CVE-2024-42861
CVE-2024-8263	None	Sept. 23, 2024, 9:15 p.m.	GitHub Enterprise Server	CWE-269 product-cna@github.com 2024-09-23 CVE-2024-8263
CVE-2024-8770	None	Sept. 23, 2024, 9:15 p.m.	GitHub Enterprise Server	CWE-79 product-cna@github.com 2024-09-23 CVE-2024-8770
CVE-2018-20072	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com 2024-09-23 CVE-2018-20072
CVE-2021-38023	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com CWE-416 2024-09-23 CVE-2021-38023
CVE-2023-7281	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com 2024-09-23 CVE-2023-7281
CVE-2023-7282	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com 2024-09-23 CVE-2023-7282
CVE-2024-7018	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com CWE-122 2024-09-23 CVE-2024-7018
CVE-2024-7019	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com 2024-09-23 CVE-2024-7019
CVE-2024-7020	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com 2024-09-23 CVE-2024-7020
CVE-2024-7022	None	Sept. 23, 2024, 10:15 p.m.	Google Chrome	chrome-cve-admin@google.com CWE-457 2024-09-23 CVE-2024-7022

» Click here to see all Vulnerabilities «

Tag : 2024-09-23

Attack Reports

Vulnerabilities