Security Vulnerabilities - CVEs Published In July 2024
In snapd versions prior to 2.62, snapd failed to properly check the
destination of symbolic links when extracting a snap. The snap format
is a squashfs file-system image and so can contain symbolic links and
other file types. Various file entries within the snap squashfs image
(such as icons and desktop files etc) are directly read by snapd when
it is extracted. An attacker who could convince a user to install a
malicious snap which contained symbolic links at these paths could then
cause snapd to write out the contents of the symbolic link destination
into a world-readable directory. This in-turn could allow an unprivileged
user to gain access to privileged information.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-07-25
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-07-25
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
CVSS Score
7.2
EPSS Score
0.685
Published
2024-07-25
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
7.2
EPSS Score
0.104
Published
2024-07-25
In snapd versions prior to 2.62, when using AppArmor for enforcement of
sandbox permissions, snapd failed to restrict writes to the $HOME/bin
path. In Ubuntu, when this path exists, it is automatically added to
the users PATH. An attacker who could convince a user to install a
malicious snap which used the 'home' plug could use this vulnerability
to install arbitrary scripts into the users PATH which may then be run
by the user outside of the expected snap sandbox and hence allow them
to escape confinement.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-07-25
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.
CVSS Score
6.8
EPSS Score
0.003
Published
2024-07-25
There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.07.
Attackers with system administrator permissions can interfere with another
system administrator’s use of the publishing UI when the administrators are
editing the same management object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.
CVSS Score
4.5
EPSS Score
0.004
Published
2024-07-25
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-25
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-07-25
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user's account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren't able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-07-25