Security Vulnerabilities - CVEs Published In June 2024
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-06-25
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-06-25
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.005
Published
2024-06-25
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
CVSS Score
6.9
EPSS Score
0.003
Published
2024-06-24
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.004
Published
2024-06-24
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2024-06-24
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2024-06-24
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2024-06-24
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-06-24
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVSS Score
5.3
EPSS Score
0.016
Published
2024-06-24