Security Vulnerabilities - CVEs Published In April 2024
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application
CVSS Score
10.0
EPSS Score
0.001
Published
2024-04-05
NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-04-05
NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-04-05
A vulnerability classified as critical has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected is an unknown function of the file booking/index.php. The manipulation of the argument log_email/log_pword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259452.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-04-05
A vulnerability classified as critical was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259453 was assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-04-05
A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-04-05
u-boot bug that allows for u-boot shell and interrupt over UART
CVSS Score
10.0
EPSS Score
0.001
Published
2024-04-05
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall.
CVSS Score
7.3
EPSS Score
0.002
Published
2024-04-05
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on the ICMS2 application. They could then host a website stating "To update your profile, please enter your password," upon which the user may type their password and send it to the attacker. As of time of publication, a patched version is not available.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-04-05
Stored XSS in graph rendering in Checkmk <2.3.0b4.
CVSS Score
4.6
EPSS Score
0.008
Published
2024-04-05