Security Vulnerabilities - CVEs Published In September 2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
CVSS Score
4.1
EPSS Score
0.0
Published
2024-09-19
CVE-2024-8963
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Known exploited
CVSS Score
9.4
EPSS Score
0.942
Published
2024-09-19
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
CVSS Score
4.3
EPSS Score
0.0
Published
2024-09-19
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-09-19
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-19
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-19
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-09-19
Microsoft Office Visio Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.011
Published
2024-09-19
There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content overwriting the vtable pointers of all the objects which were previously allocated. Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server’s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-19
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
CVSS Score
6.1
EPSS Score
0.03
Published
2024-09-19