Security Vulnerabilities - CVEs Published In September 2024
The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2024-09-26
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2024-09-26
An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2024-09-26
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2024-09-26
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2024-09-26
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.
CVSS Score: 6.3
EPSS Score: 0.001
Published: 2024-09-26
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2024-09-26
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
CVSS Score: 4.9
EPSS Score: 0.001
Published: 2024-09-26
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
CVSS Score: 5.3
EPSS Score: 0.006
Published: 2024-09-26
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channel files that have not been linked to a post, which allows an attacker to view them in channels that they are a member of.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2024-09-26

