Security Vulnerabilities - CVEs Published In July 2024
Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.
CVSS Score
7.2
EPSS Score
0.006
Published
2024-07-10
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-07-10
A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-10
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-07-10
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-10
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-07-10
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-10
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-10
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-10
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-10