Security Vulnerabilities - CVEs Published In July 2024
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-31
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.
CVSS Score
5.2
EPSS Score
0.141
Published
2024-07-31
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-07-31
Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.
CVSS Score
7.6
EPSS Score
0.044
Published
2024-07-31
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-07-31
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
CVSS Score
4.9
EPSS Score
0.012
Published
2024-07-31
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
CVSS Score
5.6
EPSS Score
0.001
Published
2024-07-31
Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.
CVSS Score
7.5
EPSS Score
0.015
Published
2024-07-31
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-31
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.
This issue affects SDP Client before 5.10.34.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-31