Security Vulnerabilities - CVEs Published In May 2024
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-05-28
A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.009
Published
2024-05-28
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to sensitive information disclosure.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-05-28
CVE-2024-5274
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
9.6
EPSS Score
0.037
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
CVSS Score
5.3
EPSS Score
0.0
Published
2024-05-28
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
CVSS Score
7.8
EPSS Score
0.012
Published
2024-05-28
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function.
CVSS Score
7.8
EPSS Score
0.087
Published
2024-05-28