Security Vulnerabilities - CVEs Published In May 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-14
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-14
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-14
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-14
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application
CVSS Score
8.1
EPSS Score
0.005
Published
2024-05-14
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-14
A local attacker with low privileges can use a command injection vulnerability to gain root
privileges due to improper input validation using the OCPP Remote service.
CVSS Score
7.8
EPSS Score
0.003
Published
2024-05-14
A low privileged remote attacker can use a command injection vulnerability in the API which performs
remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.
CVSS Score
5.0
EPSS Score
0.01
Published
2024-05-14
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based
management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.
CVSS Score
7.0
EPSS Score
0.007
Published
2024-05-14
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root
privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-14