Security Vulnerabilities - CVEs Published In June 2024
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.
CVSS Score
3.3
EPSS Score
0.004
Published
2024-06-28
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-06-28
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-28
HCL DRYiCE
AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which
can cause the system to behave in unexpected ways.
CVSS Score
3.7
EPSS Score
0.004
Published
2024-06-28
HCL DRYiCE AEX product is impacted by Missing
Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted
device due to which malicious users can gain unauthorized access to the rooted
devices, compromising security and potentially leading to data breaches or
other malicious activities.
CVSS Score
3.3
EPSS Score
0.004
Published
2024-06-28
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
CVSS Score
5.9
EPSS Score
0.004
Published
2024-06-28
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-06-28
The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them
CVSS Score
6.5
EPSS Score
0.003
Published
2024-06-28
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
4.7
EPSS Score
0.003
Published
2024-06-28
The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
5.4
EPSS Score
0.003
Published
2024-06-28