Security Vulnerabilities - CVEs Published In September 2024
in OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a crash through integer overflow.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-09-02
in OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through out-of-bounds read.
CVSS Score
5.5
EPSS Score
0.002
Published
2024-09-02
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-09-02
in OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through out-of-bounds read.
CVSS Score
5.5
EPSS Score
0.002
Published
2024-09-02
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-02
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-02
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-09-02
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-09-02
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-09-02
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-09-01

