Security Vulnerabilities - CVEs Published In June 2024
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-06-14
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-06-14
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-06-14
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customers' cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.
CVSS Score
9.1
EPSS Score
0.013
Published
2024-06-14
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs, which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
CVSS Score
4.7
EPSS Score
0.006
Published
2024-06-14
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-06-14
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which with some browsers could result in sensitive data being stored in the browser's local cache. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-06-14
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags, which allows for bypassing TCC restrictions on macOS.
CVSS Score
3.8
EPSS Score
0.0
Published
2024-06-14
Memory management vulnerability in the boottime module. Impact: Successful exploitation of this vulnerability can affect integrity.
CVSS Score
5.6
EPSS Score
0.001
Published
2024-06-14
Out-of-bounds read vulnerability in the audio module. Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
7.9
EPSS Score
0.001
Published
2024-06-14

