Security Vulnerabilities - CVEs Published In August 2024
CVE-2024-7515 IMPACT
A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-14
CVE-2024-40619 IMPACT
A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-14
CVE-2024-40620 IMPACT
A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-08-14
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
CVSS Score
9.8
EPSS Score
0.01
Published
2024-08-14
CVE-2024-7507 IMPACT
A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-08-14
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.
CVSS Score
7.5
EPSS Score
0.013
Published
2024-08-14
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-08-14
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-08-14
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-08-14
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.
CVSS Score
5.3
EPSS Score
0.009
Published
2024-08-14