Security Vulnerabilities - CVEs Published In July 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout.
Mitigation:
all users should upgrade to 2.1.4
CVSS Score
9.1
EPSS Score
0.003
Published
2024-07-23
In the Linux kernel, the following vulnerability has been resolved:
filelock: Remove locks reliably when fcntl/close race is detected
When fcntl_setlk() races with close(), it removes the created lock with
do_lock_file_wait().
However, LSMs can allow the first do_lock_file_wait() that created the lock
while denying the second do_lock_file_wait() that tries to remove the lock.
Separately, posix_lock_file() could also fail to
remove a lock due to GFP_KERNEL allocation failure (when splitting a range
in the middle).
After the bug has been triggered, use-after-free reads will occur in
lock_get_status() when userspace reads /proc/locks. This can likely be used
to read arbitrary kernel memory, but can't corrupt kernel memory.
Fix it by calling locks_remove_posix() instead, which is designed to
reliably get rid of POSIX locks associated with the given file and
files_struct and is also used by filp_flush().
CVSS Score
6.3
EPSS Score
0.0
Published
2024-07-23
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
5.9
EPSS Score
0.0
Published
2024-07-23
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
CVSS Score
8.6
EPSS Score
0.403
Published
2024-07-23
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-23
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-23
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-22
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-07-22
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
CVSS Score
7.5
EPSS Score
0.929
Published
2024-07-22
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-22