NVD disclosure day

Published threat advisories for August 12, 2024

CVE advisory | Known Exploit

CVE-2024-41710

Mitel SIP Phones Allow Command Execution Via Argument Injection.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Mitel SIP phones allows authenticated administrators to execute arbitrary commands by exploiting insufficient parameter sanitization during boot. This could impact system integrity and availability. Organizations should identify and address affected devices.

• CISA KEV

CVE advisory | CRITICAL

CVE-2024-6917

Veribase Order Management OS Command Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Veribase Order Management is impacted by an OS Command Injection vulnerability, allowing unauthorized command execution. This poses a risk to affected organizations through potential unauthorized access, data manipulation, or service disruption. The vulnerability affects versions prior to v4.010.2.

CVE advisory | Known Exploit

CVE-2024-27443

Zimbra Collaboration Calendar Vulnerable to Cross-Site Scripting

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Zimbra Collaboration is affected by a Cross-Site Scripting vulnerability in its CalendarInvite feature. This flaw allows attackers to execute arbitrary JavaScript code within a user's session by sending a specially crafted email, potentially leading to unauthorized actions or data exposure. The business risk is associa

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-7694

ThreatSonar Anti-Ransomware: File Upload Vulnerability Enables Command Execution.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A file upload vulnerability in ThreatSonar Anti-Ransomware allows administrators to execute arbitrary commands on the server by uploading malicious files. This impacts the product's integrity and poses a risk of unauthorized system access and potential data compromise.

• CISA KEV

CVE advisory | CRITICAL

CVE-2024-6684

Inohom Nova Panel Authentication Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authentication bypass vulnerability has been identified in an electronic control panel. This could allow unauthorized access to systems, potentially exposing data or disrupting operations. The vendor has indicated the product is no longer supported, increasing business risk. Organizations should identify affected as