Home / 2024 Advisories Archive

2024 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Industry Reference	Description
Critical	3 Sep 2024	3 Sep 2024	CPAI-2024-0750	CVE-2024-38652	Ivanti Avalanche Directory Traversal (CVE-2024-38652)
Medium	3 Sep 2024	3 Sep 2024	CPAI-2024-0747	CVE-2024-23119	Centreon Project Centreon Web SQL Injection (CVE-2024-23119)
Critical	3 Sep 2024	3 Sep 2024	CPAI-2023-1881	CVE-2023-29412	Schneider Electric APC Easy UPS Online Monitoring Remote Code Execution (CVE-2023-29412)
High	3 Sep 2024	3 Sep 2024	CPAI-2024-0737	CVE-2024-32766	myQNAPcloud Command Injection (CVE-2024-32766)
Medium	3 Sep 2024	3 Sep 2024	CPAI-2024-0736	CVE-2024-29830	Ivanti Endpoint Manager SQL Injection (CVE-2024-29830)
High	3 Sep 2024	3 Sep 2024	CPAI-2018-2791	CVE-2018-16855	PowerDNS Recursor Out-of-Bounds Read (CVE-2018-16855)
High	26 Aug 2024	3 Sep 2024	CPAI-2024-0721	CVE-2024-6457	WordPress Project Husky Products Filter Plugin SQL Injection (CVE-2024-6457)
Medium	3 Sep 2024	3 Sep 2024	CPAI-2021-1959	CVE-2021-37152	Sonatype Nexus Repository Manager Cross-Site Scripting (CVE-2021-37152)
Medium	3 Sep 2024	3 Sep 2024	CPAI-2020-3997	CVE-2020-0765	Microsoft Remote Desktop Connection Manager XML External Entity Injection (CVE-2020-0765)
High	3 Sep 2024	3 Sep 2024	CPAI-2023-0801	CVE-2023-3256	Advantech R-SeeNet Local File Inclusion (CVE-2023-3256)
High	3 Sep 2024	3 Sep 2024	CPAI-2023-0775	CVE-2023-28716	MySCADA MyPRO Command Injection (CVE-2023-28716)
High	2 Sep 2024	2 Sep 2024	CPAI-2024-0771	CVE-2024-7029	AVTECH AVM1203 Command Injection (CVE-2024-7029)
Critical	2 Sep 2024	2 Sep 2024	CPAI-2024-0758	CVE-2024-31819	WWBN AVideo Remote Code Execution (CVE-2024-31819)
Critical	2 Sep 2024	2 Sep 2024	CPAI-2022-2119	CVE-2022-32522	Schneider Electric Interactive Graphical SCADA System Out-of-bounds Write (CVE-2022-32522)
High	2 Sep 2024	2 Sep 2024	CPAI-2024-0749		Zhiyuan OA Arbitrary File Upload
High	2 Sep 2024	2 Sep 2024	CPAI-2023-1883	CVE-2023-41578	Jeecg Boot Information Disclosure (CVE-2023-41578)
High	2 Sep 2024	2 Sep 2024	CPAI-2020-4197	CVE-2020-13573	Rockwell Automation RSLinx Denial of Service (CVE-2020-13573)
High	2 Sep 2024	2 Sep 2024	CPAI-2024-0742		Elber Wayber II Authentication Bypass
Critical	2 Sep 2024	2 Sep 2024	CPAI-2024-0731	CVE-2024-39914	FOG Project Command Injection (CVE-2024-39914)
Critical	2 Sep 2024	2 Sep 2024	CPAI-2024-0720	CVE-2024-7829	D-Link Multiple Products Command Injection (CVE-2024-7829)
Critical	1 Sep 2024	1 Sep 2024	CPAI-2022-2121	CVE-2022-47002	Masa CMS Authentication Bypass (CVE-2022-47002)
High	1 Sep 2024	1 Sep 2024	CPAI-2024-0741	CVE-2024-6411	WordPress ProfileGrid Plugin Privilege Escalation (CVE-2024-6411)
High	29 Aug 2024	29 Aug 2024	CPAI-2024-0734		YiSaiTong SQL Injection
High	19 Aug 2024	29 Aug 2024	CPAI-2024-0712		Landray OA Remote Code Execution
High	29 Aug 2024	29 Aug 2024	CPAI-2024-0686	CVE-2024-6366	WordPress User Profile Builder Plugin Arbitrary File Upload (CVE-2024-6366)
Critical	7 Aug 2024	29 Aug 2024	CPAI-2024-0663	CVE-2024-38856	Apache OFBiz Remote Code Execution (CVE-2024-38856)
Critical	29 Aug 2024	29 Aug 2024	CPAI-2021-2137	CVE-2021-33044	Dahua Security Multiple Products Authentication Bypass (CVE-2021-33044)
High	29 Aug 2024	29 Aug 2024	CPAI-2023-0532	CVE-2023-27978	Schneider Electric Multiple Products Insecure Deserialization (CVE-2023-27978)
High	28 Aug 2024	28 Aug 2024	CPAI-2024-0748	CVE-2024-30850	CHAOS RAT Command Injection (CVE-2024-30850)
Critical	28 Aug 2024	28 Aug 2024	CPAI-2022-2118	CVE-2022-47071	NVS365 V01 Command Injection (CVE-2022-47071)
High	28 Aug 2024	28 Aug 2024	CPAI-2024-0732	CVE-2024-28741	NorthStar C2 Remote Code Execution (CVE-2024-28741)
Critical	28 Aug 2024	28 Aug 2024	CPAI-2024-0726	CVE-2024-25830	F-logic DataCube3 Information Disclosure (CVE-2024-25830)
High	27 Aug 2024	27 Aug 2024	CPAI-2024-0743	CVE-2024-39123	Calibre-Web Cross-Site Scripting (CVE-2024-39123)
Critical	22 Aug 2024	27 Aug 2024	CPAI-2024-0728	CVE-2024-28000	WordPress LiteSpeed Cache Plugin Privilege Escalation (CVE-2024-28000)
High	27 Aug 2024	27 Aug 2024	CPAI-2020-4196	CVE-2020-17525	Apache Subversion Denial of Service (CVE-2020-17525)
High	27 Aug 2024	27 Aug 2024	CPAI-2023-1879	CVE-2023-50564	Pluck CMS Arbitrary File Upload (CVE-2023-50564)
Medium	27 Aug 2024	27 Aug 2024	CPAI-2021-2203	CVE-2021-22784	Schneider Electric C-Bus Toolkit Authentication Bypass (CVE-2021-22784)
High	27 Aug 2024	27 Aug 2024	CPAI-2024-0598	CVE-2024-5276	Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
High	27 Aug 2024	27 Aug 2024	CPAI-2021-1785	CVE-2021-22824	Schneider-Electric Interactive Graphical SCADA System Buffer Overflow (CVE-2021-22824)
Critical	27 Aug 2024	27 Aug 2024	CPAI-2022-1574	CVE-2022-24313	Schneider-Electric Interactive Graphical SCADA System Buffer Overflow (CVE-2022-24313)
High	27 Aug 2024	27 Aug 2024	CPAI-2022-1564	CVE-2022-24315	Schneider-Electric Interactive Graphical SCADA System Out-of-bounds Read (CVE-2022-24315)
High	26 Aug 2024	26 Aug 2024	CPAI-2024-0719	CVE-2024-29276	Seeyon OA Arbitrary File Upload (CVE-2024-29276)
Critical	26 Aug 2024	26 Aug 2024	CPAI-2024-0718		Zhiyuan A8 OA Remote Code Execution
Critical	26 Aug 2024	26 Aug 2024	CPAI-2023-1878	CVE-2023-40504	LG Simple Editor Command Injection (CVE-2023-40504)
High	26 Aug 2024	26 Aug 2024	CPAI-2023-1877	CVE-2023-49964	Hyland Alfresco Server-Side Template Injection (CVE-2023-49964)
High	26 Aug 2024	26 Aug 2024	CPAI-2022-2090	CVE-2022-28685	AVEVA Edge Insecure Deserialization (CVE-2022-28685)
High	26 Aug 2024	26 Aug 2024	CPAI-2023-0365	CVE-2023-28400	MySCADA MyPRO Command Injection (CVE-2023-28400)
High	8 Feb 2024	22 Aug 2024	CPAI-2016-1253	CVE-2016-8525 CVE-2016-8530	HP Intelligent Management Center Denial of Service (CVE-2016-8530; CVE-2016-8525)
Medium	22 Aug 2024	22 Aug 2024	CPAI-2021-2204	CVE-2021-38488	Delta DIALink Cross-Site Scripting (CVE-2021-38488)
Medium	22 Aug 2024	22 Aug 2024	CPAI-2024-0714	CVE-2023-4119 CVE-2023-4973 CVE-2024-38959	WordPress Academy LMS Plugin Cross-Site Scripting (CVE-2023-4119; CVE-2023-4973; CVE-2024-38959)