Security Vulnerabilities - CVEs Published In June 2024
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue. VDB-268790 is the identifier assigned to this vulnerability.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-06-17
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-06-17
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-06-17
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-06-17
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.7
EPSS Score
0.002
Published
2024-06-17
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-06-17
In the Linux kernel, the following vulnerability has been resolved:
misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()
When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), callback function
gp_auxiliary_device_release() calls ida_free() and
kfree(aux_device_wrapper) to free memory. We should't
call them again in the error handling path.
Fix this by skipping the redundant cleanup functions.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-06-17
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-06-17
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-06-17
Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.
CVSS Score
4.1
EPSS Score
0.001
Published
2024-06-17