Security Vulnerabilities
- CVEs Published In June 2024
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.
This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.
SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to direct the device's movable parts to destinations that exceed the device's maximum coordinates via the printing of a malicious .gcode file.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.