# Weekly CVE - Vulnerability Summary

In [19]:
import pandas as pd
from IPython.display import Markdown, display

In [20]:
## Read CSV into a Pandas DataFrame


In [21]:
weekly_cve_df = pd.read_csv("../../data/weekly_cve/processed/nvd_epss_kev.csv")

## Display Summary

In [22]:
# Function to display Markdown text
def print_md(text):
    display(Markdown(text))


# Data Extraction

# Total CVEs
total_cves = weekly_cve_df["CVE"].nunique()

# Severity Distribution
severity_counts = weekly_cve_df["CVSS_Severity"].value_counts()

# Vulnerability Status Distribution
status_counts = weekly_cve_df["Vuln_Status"].value_counts()

# Affected Vendors
total_vendors_affected = weekly_cve_df["Vendor"].nunique()
top_affected_vendors = weekly_cve_df["Vendor"].value_counts().head(3)

# Top 10 Prioritized Vulnerabilities
top_10_vulnerabilities = (
    weekly_cve_df.sort_values(by=["CVSS_Base_Score", "EPSS"], ascending=[False, False])
    .head(10)[
        [
            "CVE",
            "CVSS_Base_Score",
            "EPSS",
            "Vendor",
            "Product",
            "Description",
            "CISA_KEV",
            "Vuln_Status",
        ]
    ]
    .to_dict(orient="records")
)

# Calculate percentages
# Severity and status shares are relative to the CVE count. The vendor share is
# relative to the number of distinct vendors, not to total CVEs, so "Linux: 11 (39%)"
# means 11 CVEs against 28 vendors.
severity_percentages = (severity_counts / total_cves) * 100
status_percentages = (status_counts / total_cves) * 100
vendor_percentages = (top_affected_vendors / total_vendors_affected) * 100

# Display Summary

# Title and Overview
print_md("# Weekly Cybersecurity Vulnerability Report\n")
print_md(
    "## Overview\nThis summary provides an overview of the key critical and high-severity vulnerabilities reported in the past week.\n"
)

# Count of CVEs
print_md(f"**Total CVEs Reported**: {total_cves}\n")

# Severity Distribution
print_md("### Severity Distribution\n")
for severity, count in severity_counts.items():
    percentage = severity_percentages[severity]
    print_md(f"- **{severity.title()}**: {count} ({percentage:.0f}%)")

# Vulnerability Status Distribution
print_md("\n### Vulnerability Status Distribution\n")
for status, count in status_counts.items():
    percentage = status_percentages[status]
    print_md(f"- **{status}**: {count} ({percentage:.0f}%)")

# Affected Vendors
print_md("\n## Affected Vendors\n")
print_md(f"- **Total Vendors Affected**: {total_vendors_affected}\n")
print_md("### Top Affected Vendors:")
for vendor, count in top_affected_vendors.items():
    percentage = vendor_percentages[vendor]
    print_md(f"- **{vendor.title()}**: {count} vulnerabilities ({percentage:.0f}%)")

# Notable Vulnerabilities
print_md("\n## Notable Vulnerabilities\n")
for idx, vuln in enumerate(top_10_vulnerabilities, 1):
    print_md(f"### {idx}. {vuln['CVE']}\n")
    # Vendor/Product are typically NaN for entries NVD has not yet analyzed (no CPE data yet)
    if pd.notna(vuln['Vendor']) and pd.notna(vuln['Product']):
        print_md(f"- **Affected Product**: {vuln['Vendor'].title()} {vuln['Product'].title()}\n")
    # Flatten newlines outside the f-string: a backslash inside an f-string
    # expression is a SyntaxError before Python 3.12
    description = str(vuln['Description']).replace('\n', ' ')
    print_md(f"- **Description**: {description}\n")
    print_md(f"- **CVSS Base Score**: {vuln['CVSS_Base_Score']}\n")
    print_md(f"- **EPSS Score**: {vuln['EPSS']}\n")
    print_md(f"- **CISA KEV**: {'Yes' if vuln['CISA_KEV'] else 'No'}\n")
    print_md(f"- **Vulnerability Status**: {vuln['Vuln_Status']}\n")
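The cell above ranks by CVSS base score first and uses EPSS only as a tie-breaker, which is why CVE-2024-43491, the only KEV-listed entry in this report, lands third behind two CVEs with far lower EPSS. The added example below (not part of the notebook) reproduces that ordering with the standard `csv` module on a constructed sample in the same column layout, and sets an exploitation-first ordering (KEV, then EPSS, then CVSS) beside it; the `CVE-PLACEHOLDER-1` row is made up to show an entry that NVD has not scored yet, and the `CISA_KEV` column is assumed to hold `True`/`False` as the notebook's `'Yes' if vuln['CISA_KEV']` test implies.

```python
import csv
import io

# Constructed sample in the same column layout as nvd_epss_kev.csv. The first four
# rows use values from the report above; the last row is a made-up placeholder
# with no CVSS score, as happens for entries still "Awaiting Analysis".
SAMPLE_CSV = """CVE,CVSS_Base_Score,EPSS,CISA_KEV,Vendor,Product,Vuln_Status
CVE-2024-43102,10.0,0.00091,False,freebsd,freebsd,Analyzed
CVE-2024-45076,9.9,0.0005,False,ibm,webmethods_integration,Analyzed
CVE-2024-43491,9.8,0.00712,True,,,Awaiting Analysis
CVE-2024-45507,9.8,0.00514,False,apache,ofbiz,Analyzed
CVE-PLACEHOLDER-1,,0.003,False,,,Awaiting Analysis
"""


def load_rows(text):
    """Parse the CSV text; numeric blanks become None, the KEV flag becomes a bool."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["CVSS_Base_Score"] = float(r["CVSS_Base_Score"]) if r["CVSS_Base_Score"] else None
        r["EPSS"] = float(r["EPSS"]) if r["EPSS"] else None
        r["CISA_KEV"] = r["CISA_KEV"].strip().lower() in ("true", "1", "yes")
        rows.append(r)
    return rows


def rank_by_cvss(rows):
    """The notebook's ordering: CVSS descending, EPSS as tie-breaker, unscored rows last."""
    def key(r):
        return (r["CVSS_Base_Score"] is None, -(r["CVSS_Base_Score"] or 0.0), -(r["EPSS"] or 0.0))
    return [r["CVE"] for r in sorted(rows, key=key)]


def rank_by_exploitation(rows):
    """Exploitation-first ordering: KEV entries (confirmed exploited) first,
    then EPSS (probability of exploitation), then CVSS as the final tie-breaker."""
    def key(r):
        return (not r["CISA_KEV"], -(r["EPSS"] or 0.0), -(r["CVSS_Base_Score"] or 0.0))
    return [r["CVE"] for r in sorted(rows, key=key)]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print("CVSS-first:        ", rank_by_cvss(rows))
    print("Exploitation-first:", rank_by_exploitation(rows))
```

Under the exploitation-first key the KEV entry moves to the top and the unscored placeholder is still ranked by its EPSS instead of being pushed to the bottom.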

# Weekly Cybersecurity Vulnerability Report

## Overview
This summary provides an overview of the key critical and high-severity vulnerabilities reported in the past week.

**Total CVEs Reported**: 165

### Severity Distribution

- **High**: 127 (77%)
- **Critical**: 24 (15%)
- **Medium**: 14 (8%)

### Vulnerability Status Distribution

- **Analyzed**: 71 (43%)
- **Awaiting Analysis**: 68 (41%)
- **Undergoing Analysis**: 21 (13%)
- **Modified**: 5 (3%)

## Affected Vendors

- **Total Vendors Affected**: 28

### Top Affected Vendors:

- **Linux**: 11 vulnerabilities (39%)
- **Totolink**: 8 vulnerabilities (29%)
- **Freebsd**: 7 vulnerabilities (25%)

## Notable Vulnerabilities

### 1. CVE-2024-43102

- **Affected Product**: Freebsd Freebsd
- **Description**: Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early.  A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.
- **CVSS Base Score**: 10.0
- **EPSS Score**: 0.00091
- **CISA KEV**: No
- **Vulnerability Status**: Analyzed


### 2. CVE-2024-45076

- **Affected Product**: Ibm Webmethods_Integration
- **Description**: IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
- **CVSS Base Score**: 9.9
- **EPSS Score**: 0.0005
- **CISA KEV**: No
- **Vulnerability Status**: Analyzed


### 3. CVE-2024-43491

- **Description**: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00712
- **CISA KEV**: Yes
- **Vulnerability Status**: Awaiting Analysis


### 4. CVE-2024-45507

- **Affected Product**: Apache Ofbiz
- **Description**: Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.  This issue affects Apache OFBiz: before 18.12.16.  Users are recommended to upgrade to version 18.12.16, which fixes the issue.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00514
- **CISA KEV**: No
- **Vulnerability Status**: Analyzed


### 5. CVE-2024-7950

- **Description**: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00138
- **CISA KEV**: No
- **Vulnerability Status**: Awaiting Analysis


### 6. CVE-2024-44727

- **Affected Product**: Angeljudesuarez Event_Management_System
- **Description**: Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00106
- **CISA KEV**: No
- **Vulnerability Status**: Analyzed


### 7. CVE-2024-44400

- **Affected Product**: Dlink Di-8400_Firmware
- **Description**: D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00098
- **CISA KEV**: No
- **Vulnerability Status**: Modified


### 8. CVE-2024-44402

- **Affected Product**: Dlink Di-8100G_Firmware
- **Description**: D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00098
- **CISA KEV**: No
- **Vulnerability Status**: Analyzed


### 9. CVE-2024-6596

- **Description**: An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00093
- **CISA KEV**: No
- **Vulnerability Status**: Awaiting Analysis


### 10. CVE-2024-7493

- **Description**: The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
- **CVSS Base Score**: 9.8
- **EPSS Score**: 0.00091
- **CISA KEV**: No
- **Vulnerability Status**: Awaiting Analysis