SecuriTricks - 2024-09-26

Title	Published	Tags	Description	Number of indicators
WalletConnect Scam: A Case Study in Crypto Drainer Tactics	Sept. 26, 2024, 5:54 p.m.	android cryptocurrency mobile malware 2024-09-26 ms drainer	An investigation uncovered a malicious app on Google Play targeting mobile users to steal cryptocurrency. The app, posing as a le…	6
Unraveling Tool Set: KLogEXE and FPSpy	Sept. 26, 2024, 4:15 p.m.	2024-09-26 fpspy klogexe	Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). …	8
Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy	Sept. 26, 2024, 4:15 p.m.	2024-09-26 fpspy klogexe	Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). …	0
A hard look at BBTok	Sept. 26, 2024, 12:55 p.m.	bbtok 2024-09-26	This analysis dissects the infection chain of BBTok, a Brazilian-targeted threat. The malware utilizes an ISO image containing a …	19
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell	Sept. 26, 2024, 12:55 p.m.	bbtok 2024-09-26	This analysis dissects the infection chain of BBTok, a Brazilian-targeted threat. The malware utilizes an ISO image containing a …	0

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-7772	9.8	Sept. 26, 2024, 5:15 a.m.	Jupiter X Core plugin for WordPress	security@wordfence.com CWE-434 2024-09-26 CVE-2024-7772
CVE-2024-0132	9.0	Sept. 26, 2024, 6:15 a.m.	NVIDIA Container Toolkit	CWE-367 psirt@nvidia.com 2024-09-26 CVE-2024-0132
CVE-2024-47177	9.0	Sept. 26, 2024, 10:15 p.m.	CUPS	security-advisories@github.com CWE-77 2024-09-26 CVE-2024-47177
CVE-2024-45979	8.8	Sept. 26, 2024, 5:15 p.m.	Lines Police CAD	cve@mitre.org CWE-601 2024-09-26 CVE-2024-45979
CVE-2024-45980	8.8	Sept. 26, 2024, 5:15 p.m.	MEANStore	cve@mitre.org CWE-640 2024-09-26 CVE-2024-45980
CVE-2024-45981	8.8	Sept. 26, 2024, 5:15 p.m.	BookReviewLibrary	cve@mitre.org CWE-601 2024-09-26 CVE-2024-45981
CVE-2024-45982	8.8	Sept. 26, 2024, 5:15 p.m.	scheduleR	cve@mitre.org CWE-284 2024-09-26 CVE-2024-45982
CVE-2024-47169	8.8	Sept. 26, 2024, 6:15 p.m.	Agnai	security-advisories@github.com CWE-35 2024-09-26 CVE-2024-47169
CVE-2024-47179	8.8	Sept. 26, 2024, 8:15 p.m.	RSSHub	CWE-20 security-advisories@github.com 2024-09-26 CVE-2024-47179
CVE-2024-47180	8.8	Sept. 26, 2024, 8:15 p.m.	Shields.io	security-advisories@github.com CWE-74 2024-09-26 CVE-2024-47180
CVE-2024-47076	8.6	Sept. 26, 2024, 10:15 p.m.	CUPS	CWE-20 security-advisories@github.com 2024-09-26 CVE-2024-47076
CVE-2024-47175	8.6	Sept. 26, 2024, 10:15 p.m.	CUPS	CWE-20 security-advisories@github.com 2024-09-26 CVE-2024-47175
CVE-2024-41605	8.4	Sept. 26, 2024, 4:15 p.m.	Foxit PDF Reader	cve@mitre.org CWE-284 2024-09-26 CVE-2024-41605
CVE-2024-47176	8.3	Sept. 26, 2024, 10:15 p.m.	CUPS	security-advisories@github.com CWE-1327 2024-09-26 CVE-2024-47176
CVE-2023-52946	8.2	Sept. 26, 2024, 4:15 a.m.	Synology Drive Client	CWE-120 security@synology.com 2024-09-26 CVE-2023-52946
CVE-2024-7781	8.1	Sept. 26, 2024, 5:15 a.m.	Jupiter X Core plugin for WordPress	security@wordfence.com CWE-288 2024-09-26 CVE-2024-7781
CVE-2024-46328	8.0	Sept. 26, 2024, 2:15 p.m.	VONETS VAP11G-300	cve@mitre.org CWE-259 2024-09-26 CVE-2024-46328
CVE-2024-46329	8.0	Sept. 26, 2024, 2:15 p.m.	VONETS VAP11G-300	cve@mitre.org CWE-78 2024-09-26 CVE-2024-46329
CVE-2024-46628	8.0	Sept. 26, 2024, 8:15 p.m.	Tenda G3 Router firmware	cve@mitre.org CWE-78 2024-09-26 CVE-2024-46628
CVE-2024-8404	7.8	Sept. 26, 2024, 2:15 a.m.	PaperCut NG/MF	CWE-59 eb41dac7-0af8-4f84-9f6d-0272772514f4 2024-09-26 CVE-2024-8404
CVE-2022-49038	7.8	Sept. 26, 2024, 4:15 a.m.	Synology Drive Client	security@synology.com CWE-829 2024-09-26 CVE-2022-49038
CVE-2024-47045	7.8	Sept. 26, 2024, 4:15 a.m.	NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Home GateWay/Hikari Denwa routers	vultures@jpcert.or.jp CWE-451 2024-09-26 CVE-2024-47045 CWE-268
CVE-2024-9198	7.6	Sept. 26, 2024, 10:15 a.m.	Clibo Manager	CWE-79 cve-coordination@incibe.es 2024-09-26 CVE-2024-9198
CVE-2024-8126	7.5	Sept. 26, 2024, 11:15 a.m.	Advanced File Manager plugin for WordPress	security@wordfence.com CWE-434 2024-09-26 CVE-2024-8126
CVE-2024-37125	7.5	Sept. 26, 2024, 5:15 p.m.	Dell SmartFabric OS10 Software	security_alert@emc.com CWE-400 2024-09-26 CVE-2024-37125
CVE-2024-44860	7.5	Sept. 26, 2024, 5:15 p.m.	Solvait	cve@mitre.org CWE-284 2024-09-26 CVE-2024-44860
CVE-2024-7594	7.5	Sept. 26, 2024, 8:15 p.m.	Vault	CWE-732 security@hashicorp.com 2024-09-26 CVE-2024-7594
CVE-2024-46330	7.4	Sept. 26, 2024, 2:15 p.m.	VONETS VAP11G-300	cve@mitre.org CWE-78 2024-09-26 CVE-2024-46330
CVE-2022-4541	7.2	Sept. 26, 2024, 10:15 a.m.	WordPress Visitors plugin	CWE-79 security@wordfence.com 2024-09-26 CVE-2022-4541
CVE-2024-8704	7.2	Sept. 26, 2024, 11:15 a.m.	WordPress Advanced File Manager plugin	security@wordfence.com CWE-22 2024-09-26 CVE-2024-8704
CVE-2024-43191	7.2	Sept. 26, 2024, 4:15 p.m.	IBM ManageIQ	psirt@us.ibm.com CWE-502 2024-09-26 CVE-2024-43191
CVE-2024-39577	7.1	Sept. 26, 2024, 6:15 p.m.	Dell SmartFabric OS10 Software	security_alert@emc.com CWE-77 2024-09-26 CVE-2024-39577
CVE-2024-8725	6.8	Sept. 26, 2024, 11:15 a.m.	WordPress	security@wordfence.com CWE-434 2024-09-26 CVE-2024-8725
CVE-2022-49039	6.7	Sept. 26, 2024, 4:15 a.m.	Synology Drive Client	CWE-787 security@synology.com 2024-09-26 CVE-2022-49039
CVE-2024-30134	6.7	Sept. 26, 2024, 3:15 p.m.	HCL Traveler for Microsoft Outlook	CWE-295 psirt@hcl.com 2024-09-26 CVE-2024-30134
CVE-2024-6769	6.7	Sept. 26, 2024, 9:15 p.m.	Microsoft Windows	CWE-426 df4dee71-de3a-4139-9588-11b62fe6c0ff 2024-09-26 CVE-2024-6769
CVE-2022-49037	6.5	Sept. 26, 2024, 4:15 a.m.	Synology Drive Client	CWE-532 security@synology.com 2024-09-26 CVE-2022-49037
CVE-2024-47003	6.5	Sept. 26, 2024, 8:15 a.m.	Mattermost	CWE-400 responsibledisclosure@mattermost.com NVD-CWE-noinfo 2024-09-26 CVE-2024-47003
CVE-2024-41722	6.5	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-1390 2024-09-26 CVE-2024-41722
CVE-2024-45723	6.5	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-338 2024-09-26 CVE-2024-45723
CVE-2024-8723	6.4	Sept. 26, 2024, 3:15 a.m.	012 Ps Multi Languages plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-8723
CVE-2024-8861	6.4	Sept. 26, 2024, 8:15 a.m.	ProfileGrid WordPress plugin	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-8861
CVE-2024-9115	6.4	Sept. 26, 2024, 10:15 a.m.	WordPress Common Tools for Site plugin	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-9115
CVE-2024-9117	6.4	Sept. 26, 2024, 10:15 a.m.	Mapplic Lite plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-9117
CVE-2024-9125	6.4	Sept. 26, 2024, 10:15 a.m.	king_IE plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-9125
CVE-2024-9127	6.4	Sept. 26, 2024, 10:15 a.m.	Super Testimonials plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-9127
CVE-2024-9173	6.4	Sept. 26, 2024, 10:15 a.m.	GF Custom Style plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-9173
CVE-2024-9177	6.4	Sept. 26, 2024, 2:15 p.m.	Themedy Toolbox plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-9177
CVE-2024-47075	6.4	Sept. 26, 2024, 6:15 p.m.	LayUI	security-advisories@github.com CWE-79 2024-09-26 CVE-2024-47075
CVE-2024-45983	6.3	Sept. 26, 2024, 4:15 p.m.	kishan0725's Hospital Management System	cve@mitre.org CWE-352 2024-09-26 CVE-2024-45983
CVE-2024-8405	6.1	Sept. 26, 2024, 2:15 a.m.	PaperCut NG/MF	CWE-77 eb41dac7-0af8-4f84-9f6d-0272772514f4 2024-09-26 CVE-2024-8405
CVE-2024-8803	6.1	Sept. 26, 2024, 3:15 a.m.	Bulk NoIndex & NoFollow Toolkit plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-8803
CVE-2024-8872	6.1	Sept. 26, 2024, 9:15 a.m.	Store Hours for WooCommerce plugin for WordPress	security@wordfence.com CWE-80 2024-09-26 CVE-2024-8872
CVE-2024-47174	5.9	Sept. 26, 2024, 6:15 p.m.	Nix Package Manager	security-advisories@github.com CWE-287 2024-09-26 CVE-2024-47174
CVE-2024-9199	5.8	Sept. 26, 2024, 10:15 a.m.	Clibo Manager	cve-coordination@incibe.es CWE-799 2024-09-26 CVE-2024-9199
CVE-2024-46327	5.7	Sept. 26, 2024, 2:15 p.m.	VONETS VAP11G-300	cve@mitre.org CWE-22 2024-09-26 CVE-2024-46327
CVE-2023-52949	5.5	Sept. 26, 2024, 4:15 a.m.	Synology Active Backup for Business Agent	CWE-306 security@synology.com 2024-09-26 CVE-2023-52949
CVE-2024-8633	5.5	Sept. 26, 2024, 12:15 p.m.	Form Maker by 10Web plugin for WordPress	CWE-79 security@wordfence.com 2024-09-26 CVE-2024-8633
CVE-2024-42406	5.4	Sept. 26, 2024, 8:15 a.m.	Mattermost	CWE-284 responsibledisclosure@mattermost.com 2024-09-26 CVE-2024-42406
CVE-2024-45843	5.4	Sept. 26, 2024, 8:15 a.m.	Mattermost	CWE-918 responsibledisclosure@mattermost.com 2024-09-26 CVE-2024-45843
CVE-2024-45986	5.4	Sept. 26, 2024, 9:15 p.m.	Projectworld Online Voting System	cve@mitre.org CWE-79 2024-09-26 CVE-2024-45986
CVE-2023-52950	5.3	Sept. 26, 2024, 4:15 a.m.	Synology Active Backup for Business Agent	CWE-311 security@synology.com 2024-09-26 CVE-2023-52950
CVE-2024-47044	5.3	Sept. 26, 2024, 9:15 a.m.	Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION	vultures@jpcert.or.jp CWE-451 2024-09-26 CVE-2024-47044
CVE-2024-9025	5.3	Sept. 26, 2024, 9:15 a.m.	The Sight - Professional Image Gallery and Portfolio plugin for WordPress	security@wordfence.com CWE-862 2024-09-26 CVE-2024-9025
CVE-2024-39319	5.3	Sept. 26, 2024, 4:15 p.m.	aimeos/ai-controller-frontend	security-advisories@github.com CWE-639 2024-09-26 CVE-2024-39319
CVE-2024-43108	5.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-353 2024-09-26 CVE-2024-43108
CVE-2024-45374	5.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin application	ics-cert@hq.dhs.gov CWE-521 2024-09-26 CVE-2024-45374
CVE-2023-52948	5.0	Sept. 26, 2024, 4:15 a.m.	Synology Active Backup for Business Agent	CWE-311 security@synology.com 2024-09-26 CVE-2023-52948
CVE-2024-45984	4.7	Sept. 26, 2024, 6:15 p.m.	Blood Bank And Donation Management System	cve@mitre.org CWE-79 2024-09-26 CVE-2024-45984
CVE-2024-45985	4.7	Sept. 26, 2024, 6:15 p.m.	Blood Bank and Donation Management System	cve@mitre.org CWE-79 2024-09-26 CVE-2024-45985
CVE-2022-49040	4.4	Sept. 26, 2024, 4:15 a.m.	Synology Drive Client	CWE-120 security@synology.com 2024-09-26 CVE-2022-49040
CVE-2022-49041	4.4	Sept. 26, 2024, 4:15 a.m.	Synology Drive Client	CWE-120 security@synology.com 2024-09-26 CVE-2022-49041
CVE-2023-46175	4.4	Sept. 26, 2024, 2:15 p.m.	IBM Cloud Pak for Multicloud Management	psirt@us.ibm.com CWE-532 2024-09-26 CVE-2023-46175
CVE-2024-7259	4.4	Sept. 26, 2024, 4:15 p.m.	oVirt	secalert@redhat.com CWE-312 2024-09-26 CVE-2024-7259
CVE-2024-45042	4.4	Sept. 26, 2024, 6:15 p.m.	Ory Kratos	security-advisories@github.com CWE-287 2024-09-26 CVE-2024-45042
CVE-2024-47330	4.3	Sept. 26, 2024, 3:15 a.m.	Supsystic Slider	audit@patchstack.com CWE-862 2024-09-26 CVE-2024-47330
CVE-2024-8552	4.3	Sept. 26, 2024, 3:15 a.m.	WordPress Download Monitor plugin	security@wordfence.com CWE-862 2024-09-26 CVE-2024-8552
CVE-2024-47145	4.3	Sept. 26, 2024, 8:15 a.m.	Mattermost	CWE-284 responsibledisclosure@mattermost.com NVD-CWE-noinfo 2024-09-26 CVE-2024-47145
CVE-2024-47337	4.3	Sept. 26, 2024, 9:15 a.m.	Joy Of Text Lite	audit@patchstack.com CWE-862 2024-09-26 CVE-2024-47337
CVE-2024-31899	4.3	Sept. 26, 2024, 2:15 p.m.	IBM Cognos Command Center	psirt@us.ibm.com CWE-256 2024-09-26 CVE-2024-31899
CVE-2024-9155	4.3	Sept. 26, 2024, 3:15 p.m.	Mattermost	CWE-863 responsibledisclosure@mattermost.com 2024-09-26 CVE-2024-9155
CVE-2024-46632	4.3	Sept. 26, 2024, 4:15 p.m.	Assimp	cve@mitre.org CWE-122 2024-09-26 CVE-2024-46632
CVE-2024-8771	4.3	Sept. 26, 2024, 4:15 p.m.	Email Subscribers by Icegram	security@wordfence.com CWE-862 2024-09-26 CVE-2024-8771
CVE-2024-41715	4.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-204 2024-09-26 CVE-2024-41715
CVE-2024-41931	4.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-201 2024-09-26 CVE-2024-41931
CVE-2024-43694	4.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin application	ics-cert@hq.dhs.gov CWE-922 2024-09-26 CVE-2024-43694
CVE-2024-43814	4.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-201 2024-09-26 CVE-2024-43814
CVE-2024-45838	4.3	Sept. 26, 2024, 6:15 p.m.	goTenna Pro ATAK Plugin	ics-cert@hq.dhs.gov CWE-319 2024-09-26 CVE-2024-45838
CVE-2024-47170	4.3	Sept. 26, 2024, 6:15 p.m.	Agnai	security-advisories@github.com CWE-35 2024-09-26 CVE-2024-47170
CVE-2024-47171	4.3	Sept. 26, 2024, 6:15 p.m.	Agnai	security-advisories@github.com CWE-35 2024-09-26 CVE-2024-47171
CVE-2024-0133	4.1	Sept. 26, 2024, 6:15 a.m.	NVIDIA Container Toolkit	CWE-367 psirt@nvidia.com 2024-09-26 CVE-2024-0133
CVE-2023-52947	4.0	Sept. 26, 2024, 4:15 a.m.	Synology Active Backup for Business Agent	CWE-306 security@synology.com 2024-09-26 CVE-2023-52947
CVE-2024-4278	2.7	Sept. 26, 2024, 7:15 a.m.	GitLab EE	cve@gitlab.com CWE-821 CWE-662 2024-09-26 CVE-2024-4278
CVE-2024-9203	2.5	Sept. 26, 2024, 5:15 p.m.	Enpass Password Manager	cna@vuldb.com CWE-316 2024-09-26 CVE-2024-9203
CVE-2024-47123	0.0	Sept. 26, 2024, 6:15 p.m.	goTenna Pro series	ics-cert@hq.dhs.gov CWE-353 2024-09-26 CVE-2024-47123
CVE-2024-45372	None	Sept. 26, 2024, 5:15 a.m.	MZK-DP300N firmware	vultures@jpcert.or.jp CWE-352 2024-09-26 CVE-2024-45372
CVE-2024-45836	None	Sept. 26, 2024, 5:15 a.m.	PLANEX COMMUNICATIONS network cameras	CWE-79 vultures@jpcert.or.jp 2024-09-26 CVE-2024-45836
CVE-2024-6517	None	Sept. 26, 2024, 6:15 a.m.	Contact Form 7 Math Captcha WordPress plugin	contact@wpscan.com 2024-09-26 CVE-2024-6517
CVE-2024-47197	None	Sept. 26, 2024, 8:15 a.m.	Maven Archetype Plugin	CWE-200 security@apache.org 2024-09-26 CVE-2024-47197
CVE-2024-7107	None	Sept. 26, 2024, 12:15 p.m.	National Keep Cyber Security Services CyberMath	CWE-552 iletisim@usom.gov.tr 2024-09-26 CVE-2024-7107
CVE-2024-7108	None	Sept. 26, 2024, 12:15 p.m.	CyberMath	CWE-863 iletisim@usom.gov.tr 2024-09-26 CVE-2024-7108
CVE-2024-46627	None	Sept. 26, 2024, 5:15 p.m.	DATAGERRY	cve@mitre.org 2024-09-26 CVE-2024-46627
CVE-2024-9166	None	Sept. 26, 2024, 5:15 p.m.	UNKNOWN	ics-cert@hq.dhs.gov CWE-78 2024-09-26 CVE-2024-9166
CVE-2024-45987	None	Sept. 26, 2024, 6:15 p.m.	Projectworld Online Voting System	cve@mitre.org 2024-09-26 CVE-2024-45987
CVE-2024-45989	None	Sept. 26, 2024, 6:15 p.m.	Monica AI Assistant desktop application	cve@mitre.org 2024-09-26 CVE-2024-45989
CVE-2024-47121	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro series	ics-cert@hq.dhs.gov CWE-521 2024-09-26 CVE-2024-47121
CVE-2024-47122	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro application	ics-cert@hq.dhs.gov CWE-922 2024-09-26 CVE-2024-47122
CVE-2024-47124	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro Series	ics-cert@hq.dhs.gov CWE-319 2024-09-26 CVE-2024-47124
CVE-2024-47125	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro series	ics-cert@hq.dhs.gov CWE-923 2024-09-26 CVE-2024-47125
CVE-2024-47126	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro series	ics-cert@hq.dhs.gov CWE-338 2024-09-26 CVE-2024-47126
CVE-2024-47127	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro	ics-cert@hq.dhs.gov CWE-1390 2024-09-26 CVE-2024-47127
CVE-2024-47128	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro	ics-cert@hq.dhs.gov CWE-201 2024-09-26 CVE-2024-47128
CVE-2024-47129	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro	ics-cert@hq.dhs.gov CWE-204 2024-09-26 CVE-2024-47129
CVE-2024-47130	None	Sept. 26, 2024, 6:15 p.m.	goTenna Pro series	ics-cert@hq.dhs.gov CWE-306 2024-09-26 CVE-2024-47130
CVE-2024-8118	None	Sept. 26, 2024, 7:15 p.m.	Grafana	security@grafana.com CWE-653 2024-09-26 CVE-2024-8118
CVE-2024-40506	None	Sept. 26, 2024, 10:15 p.m.	openPetra	cve@mitre.org 2024-09-26 CVE-2024-40506
CVE-2024-40507	None	Sept. 26, 2024, 10:15 p.m.	openPetra	cve@mitre.org 2024-09-26 CVE-2024-40507
CVE-2024-40508	None	Sept. 26, 2024, 10:15 p.m.	openPetra	cve@mitre.org 2024-09-26 CVE-2024-40508

» Click here to see all Vulnerabilities «

Tag : 2024-09-26

Attack Reports

Vulnerabilities