Security Vulnerabilities - CVEs Published In May 2024
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.01
Published
2024-05-28
A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.009
Published
2024-05-28
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-05-28
A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.012
Published
2024-05-28
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to sensitive information disclosure.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-05-28
CVE-2024-5274
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
9.6
EPSS Score
0.064
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
CVSS Score
5.3
EPSS Score
0.0
Published
2024-05-28