Security Vulnerabilities - CVEs Published In February 2024
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03.
CVSS Score
7.6
EPSS Score
0.007
Published
2024-02-20
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-20
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-20
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-20
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-20
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
CVSS Score
10.0
EPSS Score
0.017
Published
2024-02-20
Suite CRM version 7.14.2 allows including local PHP files. This is possible because the application is vulnerable to LFI.
CVSS Score
9.9
EPSS Score
0.003
Published
2024-02-20
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
CVSS Score
10.0
EPSS Score
0.767
Published
2024-02-20
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
CVSS Score
7.5
EPSS Score
0.008
Published
2024-02-19
PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.
CVSS Score
5.8
EPSS Score
0.004
Published
2024-02-19

