Security Vulnerabilities - CVEs Published In February 2024
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-19
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
CVSS Score
5.5
EPSS Score
0.0
Published
2024-02-19
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-02-19
Signed to unsigned conversion esp32_ipm_send
CVSS Score
8.0
EPSS Score
0.002
Published
2024-02-18
can: out of bounds in remove_rx_filter function
CVSS Score
4.4
EPSS Score
0.001
Published
2024-02-18
Unchecked length coming from user input in settings shell
CVSS Score
8.0
EPSS Score
0.002
Published
2024-02-18
Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-18
Vulnerability of improper access control in the email module.Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-18
Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-18
Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-18