Security Vulnerabilities - CVEs Published In September 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.044
Published
2024-09-10
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.044
Published
2024-09-10
Windows Security Zone Mapping Security Feature Bypass Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2024-09-10
A denial of service vulnerability was found in Keycloak where the number of attributes per object is not limited. By sending repeated HTTP requests, an attacker could cause resource exhaustion when the application sends back rows with long attribute values.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-09-10
Windows TCP/IP Remote Code Execution Vulnerability
CVSS Score
8.1
EPSS Score
0.026
Published
2024-09-10
Out-of-bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-09-10
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
CVSS Score
7.5
EPSS Score
0.021
Published
2024-09-10
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.
CVSS Score
5.3
EPSS Score
0.821
Published
2024-09-10
auditor-bundle, formerly known as DoctrineAuditBundle, integrates the auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling JavaScript injection. This is possible because `%source_label%` in the Twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6.
CVSS Score
8.2
EPSS Score
0.003
Published
2024-09-10
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.
CVSS Score
9.0
EPSS Score
0.004
Published
2024-09-10

