Security Vulnerabilities - CVEs Published In November 2024
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-11-18
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-11-18
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
CVSS Score
5.8
EPSS Score
0.001
Published
2024-11-18
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-18
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.01
Published
2024-11-18
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue.
CVSS Score
8.9
EPSS Score
0.007
Published
2024-11-18
Deserialization of Untrusted Data vulnerability in Apache HertzBeat.
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-11-18
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.042
Published
2024-11-18
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-11-18
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-11-18