Security Vulnerabilities - CVEs Published In July 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-09
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-09
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.
CVSS Score
6.2
EPSS Score
0.003
Published
2024-07-09
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-07-09
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-07-09
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-09
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-07-09
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-09
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.
CVSS Score
6.0
EPSS Score
0.002
Published
2024-07-09
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.
CVSS Score
4.4
EPSS Score
0.002
Published
2024-07-09