Security Vulnerabilities - CVEs Published In May 2024
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-05-20
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-05-20
An issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
CVSS Score
6.5
EPSS Score
0.156
Published
2024-05-20
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. Exploiting it requires a high-privileged user and user interaction.
CVSS Score
7.9
EPSS Score
0.001
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while retrieving file server details.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-05-20
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
CVSS Score
8.2
EPSS Score
0.001
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
CVSS Score
5.2
EPSS Score
0.001
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
CVSS Score
7.7
EPSS Score
0.002
Published
2024-05-20
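The four Tenda AX1806 entries above describe one bug class: a formSetIptv handler that copies request parameters (iptv.stb.mode, iptv.stb.port, adv.iptv.stballvlans, iptv.city.vlan) into fixed-size stack buffers without checking their length. The C below is an added example, not Tenda's firmware code: the parameter names come from the advisories, while the key=value request format, the field size PARAM_MAX and the handler layout are assumptions made for illustration. It shows the unbounded copy beside a hardened handler that rejects oversized values and range-checks the port.

```c
/* Added example (not Tenda's code): unbounded vs. bounded handling of
 * IPTV form parameters. Request format and buffer sizes are assumed. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PARAM_MAX 32   /* assumed size of each on-stack string field */

struct iptv_cfg {
    char stb_mode[PARAM_MAX];
    char stb_allvlans[PARAM_MAX];
    char city_vlan[PARAM_MAX];
    int  stb_port;
};

/* Find "key=value" in a "k1=v1&k2=v2" body. Returns a pointer to the value
 * (not NUL-terminated) and its length via *len, or NULL if absent. */
static const char *find_param(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        const char *amp = strchr(p, '&');
        size_t pair_len = amp ? (size_t)(amp - p) : strlen(p);
        if (pair_len > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *len = pair_len - klen - 1;
            return p + klen + 1;
        }
        p = amp ? amp + 1 : NULL;
    }
    return NULL;
}

/* VULNERABLE pattern (the bug class in the advisories): the value length is
 * never compared with sizeof(stb_mode), so a long iptv.stb.mode overruns the
 * field and whatever sits behind it on the stack. Shown for comparison only;
 * main() calls it with a short value so nothing overflows here. */
static void form_set_iptv_vulnerable(struct iptv_cfg *cfg, const char *body)
{
    size_t n;
    const char *v = find_param(body, "iptv.stb.mode", &n);
    if (v) {
        memcpy(cfg->stb_mode, v, n);   /* no bound check */
        cfg->stb_mode[n] = '\0';
    }
}

/* Bounded copy: reject (rather than silently truncate) values that do not
 * fit, so the caller can answer with an error instead of storing garbage. */
static int copy_bounded(char *dst, size_t dstsz, const char *src, size_t n)
{
    if (n >= dstsz) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse a decimal TCP/UDP port (1..65535) from a non-NUL-terminated value. */
static int parse_port(const char *src, size_t n, int *out)
{
    char tmp[8];
    char *end;
    long v;
    if (n == 0 || n >= sizeof tmp) return -1;
    memcpy(tmp, src, n);
    tmp[n] = '\0';
    errno = 0;
    v = strtol(tmp, &end, 10);
    if (errno || *end != '\0' || v < 1 || v > 65535) return -1;
    *out = (int)v;
    return 0;
}

/* Hardened handler: every string field is length-checked before it is stored
 * and the port is range-checked. Returns 0 on success, -1 on malformed input. */
int form_set_iptv(struct iptv_cfg *cfg, const char *body)
{
    struct { const char *key; char *dst; size_t dstsz; } fields[] = {
        { "iptv.stb.mode",        cfg->stb_mode,     sizeof cfg->stb_mode },
        { "adv.iptv.stballvlans", cfg->stb_allvlans, sizeof cfg->stb_allvlans },
        { "iptv.city.vlan",       cfg->city_vlan,    sizeof cfg->city_vlan },
    };
    size_t i, n;
    const char *v;

    memset(cfg, 0, sizeof *cfg);
    for (i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        v = find_param(body, fields[i].key, &n);
        if (v && copy_bounded(fields[i].dst, fields[i].dstsz, v, n) != 0)
            return -1;
    }
    v = find_param(body, "iptv.stb.port", &n);
    if (v && parse_port(v, n, &cfg->stb_port) != 0)
        return -1;
    return 0;
}

int main(void)
{
    struct iptv_cfg cfg;
    /* Constructed requests: a benign one and one with an oversized field. */
    const char *ok  = "iptv.stb.mode=1&iptv.stb.port=8080&adv.iptv.stballvlans=0&iptv.city.vlan=100";
    const char *bad = "iptv.stb.mode=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    form_set_iptv_vulnerable(&cfg, ok);            /* short value: safe here */
    printf("benign: %d\n", form_set_iptv(&cfg, ok));    /* 0 */
    printf("oversized: %d\n", form_set_iptv(&cfg, bad)); /* -1 */
    return 0;
}
```

The design choice worth noting is rejection over truncation: truncating a VLAN or mode string to fit the buffer avoids the overflow but still stores a value the user never sent, which is how silently wrong configuration ends up in NVRAM. Returning an error and letting the web layer answer with a 400 keeps the fix visible.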
Shodan ® - All rights reserved