Security Vulnerabilities - CVEs Published In April 2024
O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-04-30
O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-04-30
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-30
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-04-30
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-04-29
Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-29
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVSS Score
9.8
EPSS Score
0.066
Published
2024-04-29
An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option.
CVSS Score
2.1
EPSS Score
0.0
Published
2024-04-29
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-04-29
An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.
CVSS Score
7.1
EPSS Score
0.013
Published
2024-04-29