Security Vulnerabilities - CVEs Published In July 2024
Due to insufficient input validation, SAP
CRM WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-07-09
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-07-09
A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall.
This issue affects Fireware OS: from 11.9.6 through 12.10.3.
CVSS Score
7.2
EPSS Score
0.063
Published
2024-07-09
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleting projects or sending messages. The issue arises from the lack of proper origin validation, allowing unauthorized cross-origin requests to be executed. The vulnerability is present in all versions of the repository, as no fixed version has been specified.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-07-09
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
CVSS Score
4.3
EPSS Score
0.003
Published
2024-07-08
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-07-08
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.
CVSS Score
2.3
EPSS Score
0.001
Published
2024-07-08
Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a "helpful" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-07-08
tap-windows6 driver version 9.26 and earlier does not properly
check the size data of incomming write operations which an attacker can
use to overflow memory buffers, resulting in a bug check and potentially
arbitrary code execution in kernel space
CVSS Score
9.8
EPSS Score
0.083
Published
2024-07-08
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-07-08