Security Vulnerabilities - CVEs Published In May 2024
Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger command injection and insecure deserialization issues.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-15
A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6
CVSS Score
4.8
EPSS Score
0.001
Published
2024-05-15
Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-05-15
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-15
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-05-15
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-05-15
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVSS Score
8.1
EPSS Score
0.004
Published
2024-05-15
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-05-15
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-05-15
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-05-15