Security Vulnerabilities - CVEs Published In July 2024
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2024-07-10
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2024-07-10
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-07-10
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2024-07-10
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2024-07-10
CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability that allows an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images, which increases the likelihood of this issue being exploited. This vulnerability is fixed in 2.5.4.
CVSS Score: 5.3
EPSS Score: 0.044
Published: 2024-07-10
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
CVSS Score: 8.1
EPSS Score: 0.009
Published: 2024-07-10
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability was resolved in Next.js 13.5 and later.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2024-07-10
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.
CVSS Score: 8.1
EPSS Score: 0.007
Published: 2024-07-10
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.
CVSS Score: 7.2
EPSS Score: 0.004
Published: 2024-07-10



Shodan ® - All rights reserved