Security Vulnerabilities - CVEs Published In June 2024
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-14
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**.
CVSS Score
6.1
EPSS Score
0.112
Published
2024-06-14
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-06-14
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-06-14
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
CVSS Score
3.5
EPSS Score
0.004
Published
2024-06-14
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-06-14
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-06-14
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.
CVSS Score
3.8
EPSS Score
0.001
Published
2024-06-14
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-06-14
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
CVSS Score
8.8
EPSS Score
0.002
Published
2024-06-14