Security Vulnerabilities - CVEs Published In April 2024
BitLocker Security Feature Bypass Vulnerability
CVSS Score
6.1
EPSS Score
0.005
Published
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
CVSS Score
6.7
EPSS Score
0.001
Published
2024-04-09
Outlook for Windows Spoofing Vulnerability
CVSS Score
8.1
EPSS Score
0.051
Published
2024-04-09
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.
This issue affects Apache Zeppelin: before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-04-09
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-04-09
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding configuration likeĀ ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-04-09
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and exposure XSS attacks to normal users.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
6.1
EPSS Score
0.015
Published
2024-04-09
A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-09
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.
CVSS Score
8.3
EPSS Score
0.004
Published
2024-04-09
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..
CVSS Score
8.8
EPSS Score
0.01
Published
2024-04-09