Security Vulnerabilities - CVEs Published In June 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-06-12
SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-06-12
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could
cause denial of service, device reboot, or an attacker gaining full control of the relay when a
specially crafted reset token is entered into the front panel of the device.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-12
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-06-12
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could
cause privilege escalation when a valid user replaces a trusted file name on the system and
reboots the machine.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-12
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege
escalation when logged in as a non-administrative user.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-12
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-12
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
CVSS Score
4.8
EPSS Score
0.004
Published
2024-06-12
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
CVSS Score
7.0
EPSS Score
0.001
Published
2024-06-12
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-06-12