PoC Week 2024-05-26


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-4323
Severity: 9 CRITICAL
Impacted Products: Fluent Bit versions 2.0.7 thru 3.0.3.
Description: A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.…

PoC Week 2024-05-19


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-32002
Severity: 9 CRITICAL
Impacted Products: Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4
Description: Repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule’s worktree but into a .…

PoC Week 2024-05-12


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-4547 & CVE-2024-4548
Severity: 9.8 CRITICAL
Impacted Products: Delta Electronics DIAEnergie v1.10.1.8610 and prior
Description: A SQL injection vulnerability exists in Delta Electronics DIAEnergie when CEBC.exe processes a ‘RecalculateHDMWYC’ or ‘RecalculateScript’ message. This message is split into four fields using ‘~’ as the separator, and an unauthenticated remote attacker can exploit this vulnerability through the fourth field to perform SQL injection.…

PoC Week 2024-05-05


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-32651
Severity: 10.0 CRITICAL
Impacted Products: changedetection.io (specifically the use of Jinja2 for server-side template rendering)
Description: This CVE identifies a critical Server Side Template Injection (SSTI) vulnerability in Jinja2 used by changedetection.io, which allows for Remote Command Execution (RCE) on the server host.…

PoC Week 2024-04-28


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3400
Severity: 10 CRITICAL
Impacted Products: Palo Alto Networks PAN-OS, specifically versions 10.2.0, 11.0.0, and 11.1.0
Description: The vulnerability is a command injection flaw in the GlobalProtect feature of PAN-OS, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…

PoC Week 2024-04-21


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3400
Severity: 10 CRITICAL
Impacted Products: Palo Alto Networks PAN-OS, specifically versions 10.2.0, 11.0.0, and 11.1.0
Description: The vulnerability is a command injection flaw in the GlobalProtect feature of PAN-OS, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…

PoC Week 2024-04-14


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3094
Severity: 10.0 CRITICAL
Impacted Products: xz versions 5.6.0 and 5.6.1 are directly affected. The issue impacts various distributions and software packages relying on these versions of xz, including Debian testing, unstable, and experimental distributions, OpenSUSE Tumbleweed and OpenSUSE Micro OS, Alpine (versions prior to 5.…

PoC Week 2024-04-07


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3094
Severity: 10.0 CRITICAL
Impacted Products: xz versions 5.6.0 and 5.6.1 are directly affected. The issue impacts various distributions and software packages relying on these versions of xz, including Debian testing, unstable, and experimental distributions, OpenSUSE Tumbleweed and OpenSUSE Micro OS, Alpine (versions prior to 5.…

PoC Week 2024-03-31


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-25153
Severity: 9.8 CRITICAL
Impacted Products: Fortra FileCatalyst Workflow 5.x, before version 5.1.6 Build 114
Description: The vulnerability, found in the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal, enables directory traversal. This allows for unauthorized file uploads outside the intended ‘uploadtemp’ directory, potentially leading to Remote Code Execution (RCE) on the server.…

PoC Week 2024-03-24


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-21762
Severity: 9.8 CRITICAL
Impacted Products: Fortinet FortiOS, FortiProxy various versions
Description: Out-of-bounds write vulnerability enabling unauthorized code or command execution via crafted requests.
Remediation: Follow Fortinet’s vendor instructions for mitigation or product discontinuation if not available.…