Security Vulnerabilities - CVEs Published In July 2024
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
CVSS Score: 5.7
EPSS Score: 0.001
Published: 2024-07-10
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37554 is potentially a duplicate of this.
CVSS Score: 6.4
EPSS Score: 0.005
Published: 2024-07-10
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Score: 8.8
EPSS Score: 0.158
Published: 2024-07-10
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2024-07-10
Windows Text Services Framework Elevation of Privilege Vulnerability
CVSS Score: 8.8
EPSS Score: 0.018
Published: 2024-07-10
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2024-07-09
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
CVSS Score: 1.8
EPSS Score: 0.001
Published: 2024-07-09
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score: 8.4
EPSS Score: 0.004
Published: 2024-07-09
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score: 8.4
EPSS Score: 0.004
Published: 2024-07-09
OpenSearch Dashboards Reports allows a ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2024-07-09

