Security Vulnerabilities - CVEs Published In June 2024
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-06-06
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-06-06
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-06
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-06
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-06-06
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-06-06
The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.
CVSS Score
7.5
EPSS Score
0.118
Published
2024-06-06
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-06-06
Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-06-06
Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-06-06