Security Vulnerabilities - CVEs Published In September 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-09-10
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-09-10
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-09-10
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-09-10
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.
CVSS Score
8.1
EPSS Score
0.005
Published
2024-09-10
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.
CVSS Score
8.1
EPSS Score
0.005
Published
2024-09-10
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
CVSS Score
5.7
EPSS Score
0.002
Published
2024-09-10
A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.
CVSS Score
8.1
EPSS Score
0.009
Published
2024-09-10
A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.
CVSS Score
8.1
EPSS Score
0.009
Published
2024-09-10
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.
CVSS Score
8.1
EPSS Score
0.005
Published
2024-09-10