Security Vulnerabilities - CVEs Published In June 2024
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
CVSS Score
9.0
EPSS Score
0.018
Published
2024-06-28
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-06-28
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of the GET header parameters. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-06-28
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-06-28
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-06-28
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.
CVSS Score
9.8
EPSS Score
0.038
Published
2024-06-28
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-06-28
The script afGdStream.php in the AdmirorFrames Joomla! extension doesn't specify a content type, and as a result the default (text/html) is used. An attacker may embed HTML tags directly in image data, which is then rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.
CVSS Score
6.1
EPSS Score
0.161
Published
2024-06-28
Full Path Disclosure vulnerability in the afHelper.php script of the AdmirorFrames Joomla! extension allows an unauthorised attacker to retrieve the location of the web root folder. This issue affects AdmirorFrames: before 5.0.
CVSS Score
7.5
EPSS Score
0.302
Published
2024-06-28
Server Side Request Forgery (SSRF) vulnerability in the afGdStream.php script of the AdmirorFrames Joomla! extension allows an attacker to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
CVSS Score
7.5
EPSS Score
0.288
Published
2024-06-28

