Security Vulnerabilities - CVEs Published In June 2024
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs, which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return a "Cache-Control" header for dynamic content, which in some browsers could result in sensitive data being stored in the browser's local cache.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue.
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags, which allows for bypassing TCC restrictions on macOS.
Memory management vulnerability in the boottime module
Impact: Successful exploitation of this vulnerability can affect integrity.
Out-of-bounds read vulnerability in the audio module
Impact: Successful exploitation of this vulnerability will affect availability.
Memory management vulnerability in the Gralloc module
Impact: Successful exploitation of this vulnerability will affect availability.
Vulnerability of insufficient permission verification in the NearLink module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Function vulnerabilities in the Calendar module
Impact: Successful exploitation of this vulnerability will affect availability.
Vulnerability of unauthorized screenshot capturing in the WMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.