Security Vulnerabilities - CVEs Published In May 2024
Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution using custom file upload task.
CVSS Score
7.8
EPSS Score
0.008
Published
2024-05-15
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation
or file disclosure.
CVSS Score
5.7
EPSS Score
0.004
Published
2024-05-15
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to senstive information disclosure.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-05-15
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
CVSS Score
7.8
EPSS Score
0.03
Published
2024-05-15
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.
CVSS Score
8.5
EPSS Score
0.002
Published
2024-05-15
Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger command injection and insecure deserialization issues.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-15
A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6
CVSS Score
4.8
EPSS Score
0.001
Published
2024-05-15
Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-05-15
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-15
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-05-15