Security Vulnerabilities - CVEs Published In August 2024
CVE-2024-42009
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Known exploited
CVSS Score
9.3
EPSS Score
0.912
Published
2024-08-05
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.
CVSS Score
7.3
EPSS Score
0.006
Published
2024-08-05
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.
CVSS Score
6.1
EPSS Score
0.012
Published
2024-08-05
A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-08-05
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.
CVSS Score
8.8
EPSS Score
0.029
Published
2024-08-05
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.
CVSS Score
6.1
EPSS Score
0.013
Published
2024-08-05
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
CVSS Score
6.0
EPSS Score
0.016
Published
2024-08-05
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
CVSS Score
7.9
EPSS Score
0.023
Published
2024-08-05
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
CVSS Score
6.0
EPSS Score
0.008
Published
2024-08-05
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-08-05