Security Vulnerabilities - CVEs Published In September 2024
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-09-17
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.
CVSS Score
7.3
EPSS Score
0.002
Published
2024-09-17
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.
CVSS Score
5.6
EPSS Score
0.002
Published
2024-09-17
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-09-17
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.
This could allow an attacker to manipulate a pac4j session cookie.
This issue affects Apache Druid versions 0.18.0 through 30.0.0.
Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability.
While we are not aware of a way to meaningfully exploit this flaw, we
nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue
and ensuring you have a strong
druid.auth.pac4j.cookiePassphrase as a precaution.
CVSS Score
5.3
EPSS Score
0.009
Published
2024-09-17
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list.
Users without the permission to configure JDBC connections are not able to exploit this vulnerability.
CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2.
This issue is fixed in Apache Druid 30.0.1.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-09-17
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-09-17
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-09-17
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a
stored XSS vulnerability in the "Top Navigator Bar" block.
Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6
with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This
does not affect versions below 9.0.0 since they do not have the Top
Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-09-17
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
CVSS Score
8.1
EPSS Score
0.038
Published
2024-09-17