Security Vulnerabilities - CVEs Published In February 2024
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-07
Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-02-07
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2024-02-07
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-07
Improper Authentication vulnerability in Apache Ozone.
The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication.
The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability.
The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone.
This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0.
Users are recommended to upgrade to version 1.4.0, which fixes the issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-07
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-02-07
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-02-07
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-02-07
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.
Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.
2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.
For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
CVSS Score
7.4
EPSS Score
0.001
Published
2024-02-07
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-07