Security Vulnerabilities - CVEs Published In August 2024
An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-08-20
A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.
CVSS Score
7.3
EPSS Score
0.004
Published
2024-08-20
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
CVSS Score
8.7
EPSS Score
0.013
Published
2024-08-20
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
CVSS Score
7.7
EPSS Score
0.01
Published
2024-08-20
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as 45ac90d6d1f82716f77dbcdf8e7309c229080e3c. It is recommended to apply a patch to fix this issue.
CVSS Score
3.5
EPSS Score
0.005
Published
2024-08-20
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-08-20
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-20
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
CVSS Score
8.1
EPSS Score
0.004
Published
2024-08-20
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.
CVSS Score
7.5
EPSS Score
0.008
Published
2024-08-20