Security Vulnerabilities - CVEs Published In July 2024
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.
CVSS Score
5.2
EPSS Score
0.036
Published
2024-07-31
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-31
Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.
CVSS Score
7.6
EPSS Score
0.012
Published
2024-07-31
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-31
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-07-31
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
CVSS Score
5.6
EPSS Score
0.0
Published
2024-07-31
Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-07-31
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-07-31
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.
This issue affects SDP Client before 5.10.34.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-07-31
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-31