Security Vulnerabilities - CVEs Published In October 2024
Fields that are in a 'read only' state in a Bank Statement Draft in the Manage Bank Statements application could be modified by the MERGE method. The property of an OData entity representing a presumably immutable method is not protected against external modifications, leading to integrity violations. Confidentiality and availability are not impacted.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2024-10-08

OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through an out-of-bounds write.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2024-10-08

OpenHarmony v4.1.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2024-10-08

OpenHarmony v4.1.0 allows a local attacker with high privileges to achieve arbitrary code execution in pre-installed apps through a use-after-free.
CVSS Score: 4.4 | EPSS Score: 0.0 | Published: 2024-10-08

OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through a memory leak.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2024-10-08

OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through improper input.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2024-10-08

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.
CVSS Score: 7.7 | EPSS Score: 0.005 | Published: 2024-10-08

CreateWiki is an extension used at Miraheze for requesting and creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contain private information. Likewise, this can also be abused against those with the ability to suppress requests, to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable JavaScript and/or prevent access to the vulnerable page (Special:RequestWikiQueue).
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2024-10-07

WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. Users unable to upgrade should block access to `Special:WikiDiscover`.
CVSS Score: 7.6 | EPSS Score: 0.003 | Published: 2024-10-07

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window), a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However, this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score: 3.9 | EPSS Score: 0.001 | Published: 2024-10-07