Security Vulnerabilities - CVEs Published In September 2024
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.do of the component Attachment Handler. The manipulation of the argument oid leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-09-19
A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
6.3
EPSS Score
0.127
Published
2024-09-19
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
6.5
EPSS Score
0.004
Published
2024-09-19
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
6.5
EPSS Score
0.005
Published
2024-09-19
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.3
EPSS Score
0.004
Published
2024-09-19
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.01
Published
2024-09-19
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
CVSS Score
6.1
EPSS Score
0.009
Published
2024-09-19
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-09-19
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-09-19
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
CVSS Score
4.3
EPSS Score
0.0
Published
2024-09-19