Home / 2024 Advisories Archive

2024 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Industry Reference	Description
Critical	2 Apr 2024	8 Aug 2024	CPAI-2023-1598	CVE-2023-37170 CVE-2023-37171 CVE-2023-37172 CVE-2023-37173 CVE-2023-46976 CVE-2023-46993 CVE-2024-23057 CVE-2024-23058 CVE-2024-23059 CVE-2024-23060 CVE-2024-23061 CVE-2024-24325 CVE-2024-24326 CVE-2024-24327	TOTOLINK A3300R Command Injection (CVE-2023-37170; CVE-2023-37171; CVE-2023-37172; CVE-2023-37173; CVE-2023-46976; CVE-2023-46993; CVE-2024-23057; CVE-2024-23058; CVE-2024-23059; CVE-2024-23060; CVE-2024-23061; CVE-2024-24325; CVE-2024-24326; CVE-2024-24327)
Critical	22 Jan 2024	8 Aug 2024	CPAI-2023-1472	CVE-2023-49417 CVE-2023-49418 CVE-2024-7212 CVE-2024-7213	TOTOLINK A7000R Stack Overflow (CVE-2023-49417; CVE-2023-49418; CVE-2024-7212; CVE-2024-7213)
High	8 Aug 2024	8 Aug 2024	CPAI-2023-0695	CVE-2023-23836	SolarWinds Orion Platform Insecure Deserialization (CVE-2023-23836)
High	7 Aug 2024	7 Aug 2024	CPAI-2024-0654	CVE-2024-7334 CVE-2024-7335 CVE-2024-7336 CVE-2024-7337 CVE-2024-7338	TOTOLINK EX Buffer Overflow (CVE-2024-7334; CVE-2024-7335; CVE-2024-7336; CVE-2024-7337; CVE-2024-7338)
High	7 Aug 2024	7 Aug 2024	CPAI-2024-0626	CVE-2024-4885	WhatsUp Gold Remote Code Execution (CVE-2024-4885)
High	7 Aug 2024	7 Aug 2024	CPAI-2024-0568	CVE-2024-27136	Apache JSPWiki Cross-Site Scripting (CVE-2024-27136)
High	4 Jul 2024	7 Aug 2024	CPAI-2023-1785	CVE-2023-0104	Weintek EasyBuilder Pro Directory Traversal (CVE-2023-0104)
High	6 Aug 2024	6 Aug 2024	CPAI-2023-1860	CVE-2023-1549	WordPress Ad Inserter Plugin PHP Object Injection (CVE-2023-1549)
High	6 Aug 2024	6 Aug 2024	CPAI-2024-0615	CVE-2024-6962 CVE-2024-6963 CVE-2024-6964 CVE-2024-6965 CVE-2024-7151 CVE-2024-7152	Tenda O3 Stack Overflow (CVE-2024-6962; CVE-2024-6963; CVE-2024-6964; CVE-2024-6965; CVE-2024-7151; CVE-2024-7152)
Critical	5 Aug 2024	5 Aug 2024	CPAI-2023-1866	CVE-2023-28398 CVE-2023-28718	Osprey Pump Controller Authentication Bypass (CVE-2023-28398; CVE-2023-28718)
Medium	5 Aug 2024	5 Aug 2024	CPAI-2024-0633	CVE-2024-4474	WordPress oneTarek WP Logs Book Plugin Cross-Site Request Forgery (CVE-2024-4474)
High	5 Aug 2024	5 Aug 2024	CPAI-2024-0628	CVE-2024-34051	Dolibarr ERP and CRM Suite Reflected Cross-Site Scripting (CVE-2024-34051)
Medium	5 Aug 2024	5 Aug 2024	CPAI-2024-0627	CVE-2024-6922	Automation Anywhere 360 Server-Side Request Forgery (CVE-2024-6922)
High	5 Aug 2024	5 Aug 2024	CPAI-2024-0625	CVE-2024-7172 CVE-2024-7173 CVE-2024-7176 CVE-2024-7178 CVE-2024-7179 CVE-2024-7180 CVE-2024-7184 CVE-2024-7186	TOTOLINK A3600R Buffer Overflow (CVE-2024-7172; CVE-2024-7173; CVE-2024-7176; CVE-2024-7178; CVE-2024-7179; CVE-2024-7180; CVE-2024-7184; CVE-2024-7186)
High	5 Aug 2024	5 Aug 2024	CPAI-2024-0622	CVE-2024-7156	TOTOLINK A3700R Information Disclosure (CVE-2024-7156)
High	5 Aug 2024	5 Aug 2024	CPAI-2024-0621	CVE-2024-7157	TOTOLINK A3100R Buffer Overflow (CVE-2024-7157)
Critical	5 Aug 2024	5 Aug 2024	CPAI-2023-1853	CVE-2023-33404	BlogEngine.NET Arbitrary File Upload (CVE-2023-33404)
High	5 Aug 2024	5 Aug 2024	CPAI-2024-0612	CVE-2024-21518	Opencart Code Injection (CVE-2024-21518)
Critical	25 Jul 2024	5 Aug 2024	CPAI-2024-0614	CVE-2024-41110	Docker Engine Authentication Bypass (CVE-2024-41110)
High	5 Aug 2024	5 Aug 2024	CPAI-2024-0611	CVE-2024-3833	Google Chrome Type Confusion (CVE-2024-3833)
High	19 Jun 2024	5 Aug 2024	CPAI-2023-1778	CVE-2023-36884	Microsoft Multiple Products Remote Code Execution (CVE-2023-36884)
High	5 Aug 2024	5 Aug 2024	CPAI-2022-2081	CVE-2022-38111	SolarWinds Orion Platform Insecure Deserialization (CVE-2022-38111)
Critical	1 Aug 2024	1 Aug 2024	CPAI-2023-1857	CVE-2023-30194	Prestashop Posthemes SQL Injection (CVE-2023-30194)
Medium	1 Aug 2024	1 Aug 2024	CPAI-2024-0618	CVE-2024-2454	GitLab Community Edition (CE) and Enterprise Edition Denial of Service (CVE-2024-2454)
High	1 Aug 2024	1 Aug 2024	CPAI-2023-1854	CVE-2023-4827	WordPress File Manager Pro Plugin Remote Code Execution (CVE-2023-4827)
Critical	4 Jul 2024	1 Aug 2024	CPAI-2023-1811	CVE-2023-27394 CVE-2023-28712	Osprey Pump Controller Command Injection (CVE-2023-27394; CVE-2023-28712)
High	31 Jul 2024	31 Jul 2024	CPAI-2024-0624	CVE-2024-7171 CVE-2024-7174 CVE-2024-7175 CVE-2024-7177 CVE-2024-7181 CVE-2024-7182 CVE-2024-7183 CVE-2024-7185	TOTOLINK A3600R Command Injection (CVE-2024-7171; CVE-2024-7174; CVE-2024-7175; CVE-2024-7177; CVE-2024-7181; CVE-2024-7182; CVE-2024-7183; CVE-2024-7185)
High	31 Jul 2024	31 Jul 2024	CPAI-2024-0590	CVE-2024-39149	NETGEAR X6 R8000 Command Injection (CVE-2024-39149)
High	16 Jul 2024	31 Jul 2024	CPAI-2023-1839	CVE-2023-3545 CVE-2023-4220 CVE-2023-4223 CVE-2023-4224 CVE-2023-4225 CVE-2023-4226	Chamilo Arbitrary File Upload (CVE-2023-3545; CVE-2023-4220; CVE-2023-4223; CVE-2023-4224; CVE-2023-4225; CVE-2023-4226)
Critical	31 Jul 2024	31 Jul 2024	CPAI-2023-1832	CVE-2023-43795	Osgeo GeoServer Server Side Request Forgery (CVE-2023-43795)
Medium	16 Jun 2024	31 Jul 2024	CPAI-2018-2743	CVE-2018-14392	MyBB New Threads Cross-Site Scripting (CVE-2018-14392)
Critical	30 Jul 2024	30 Jul 2024	CPAI-2023-1850	CVE-2023-27076	Tenda G103 Command Injection (CVE-2023-27076)
Critical	21 Jul 2024	30 Jul 2024	CPAI-2024-0589	CVE-2024-4879 CVE-2024-5178 CVE-2024-5217	ServiceNow Server-Side Template Injection (CVE-2024-4879; CVE-2024-5178; CVE-2024-5217)
High	24 Jun 2024	30 Jul 2024	CPAI-2022-2085	CVE-2022-2463	Rockwell Automation ISaGRAF Workbench Directory Traversal (CVE-2022-2463)
Medium	29 Jul 2024	29 Jul 2024	CPAI-2024-0609	CVE-2024-31444	Cacti Group Cacti Stored Cross-Site Scripting (CVE-2024-31444)
Critical	29 Jul 2024	29 Jul 2024	CPAI-2018-2779	CVE-2018-1000517	BusyBox Buffer Overflow (CVE-2018-1000517)
Medium	29 Jul 2024	29 Jul 2024	CPAI-2020-4190	CVE-2020-1464	Microsoft Windows File Signature Spoofing (CVE-2020-1464)
Medium	29 Jul 2024	29 Jul 2024	CPAI-2024-0588	CVE-2024-31458	Cacti Group Cacti SQL Injection (CVE-2024-31458)
Critical	29 Jul 2024	29 Jul 2024	CPAI-2024-0578	CVE-2024-27144 CVE-2024-27145 CVE-2024-27146 CVE-2024-27147 CVE-2024-27148 CVE-2024-27149 CVE-2024-27150 CVE-2024-27151 CVE-2024-27171	Toshiba Multi-Function Printers Unrestricted File Upload (CVE-2024-27144; CVE-2024-27145; CVE-2024-27146; CVE-2024-27147; CVE-2024-27148; CVE-2024-27149; CVE-2024-27150; CVE-2024-27151; CVE-2024-27171)
Critical	28 Jul 2024	28 Jul 2024	CPAI-2023-1852	CVE-2023-34600	Adiscon LogAnalyzer SQL Injection (CVE-2023-34600)
Critical	28 Jul 2024	28 Jul 2024	CPAI-2023-1851	CVE-2023-1698	WAGO Command Injection (CVE-2023-1698)
High	28 Jul 2024	28 Jul 2024	CPAI-2023-1849	CVE-2023-36212	Total CMS Arbitrary File Upload (CVE-2023-36212)
Critical	28 Jul 2024	28 Jul 2024	CPAI-2024-0606	CVE-2024-1651	Torrentpier Insecure Deserialization (CVE-2024-1651)
Critical	28 Jul 2024	28 Jul 2024	CPAI-2023-1848	CVE-2023-37145 CVE-2023-37148	TOTOLINK LR350 Command Injection (CVE-2023-37145; CVE-2023-37148)
High	28 Jul 2024	28 Jul 2024	CPAI-2024-0595	CVE-2024-39943	Rejetto HTTP File Server Remote Code Execution (CVE-2024-39943)
High	28 Jul 2024	28 Jul 2024	CPAI-2007-0657	CVE-2007-6506	HP Software Update Arbitrary File Overwrite (CVE-2007-6506)
Critical	2 Apr 2024	28 Jul 2024	CPAI-2023-1623	CVE-2022-32039 CVE-2022-32040 CVE-2022-32043 CVE-2023-37710 CVE-2023-37714 CVE-2023-37715 CVE-2023-37716 CVE-2023-37717 CVE-2023-37718 CVE-2023-37719 CVE-2023-37721 CVE-2023-37722 CVE-2023-37723 CVE-2023-51093	Tenda Multiple Products Stack Overflow (CVE-2022-32039; CVE-2022-32040; CVE-2022-32043; CVE-2023-37710; CVE-2023-37714; CVE-2023-37715; CVE-2023-37716; CVE-2023-37717; CVE-2023-37718; CVE-2023-37719; CVE-2023-37721; CVE-2023-37722; CVE-2023-37723; CVE-2023-51093)
Critical	3 Mar 2024	25 Jul 2024	CPAI-2024-0034	CVE-2020-9437	Client-Side Template Injection (CVE-2020-9437)
Critical	24 Jul 2024	24 Jul 2024	CPAI-2024-0587	CVE-2024-27172	Toshiba Multi-Function Printers Command Injection (CVE-2024-27172)
Medium	24 Jul 2024	24 Jul 2024	CPAI-2016-1333	CVE-2016-0489	Oracle Application Testing Suite Directory Traversal (CVE-2016-0489)