Security Vulnerabilities - CVEs Published In June 2024
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0 (Nextcloud 25-28).
CVSS Score
6.3
EPSS Score
0.003
Published
2024-06-14
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-06-14
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-14
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-06-14
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-06-14
In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack.
CVSS Score
6.1
EPSS Score
0.008
Published
2024-06-14
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-06-14
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-06-14
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-06-14
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-06-14