Security Vulnerabilities - CVEs Published In August 2024
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-22
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-22
Path Traversal vulnerability discovered in OpenTextâ„¢ CX-E Voice,
affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-08-22
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-08-22
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.021
Published
2024-08-22
An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-08-22
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.008
Published
2024-08-22
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-22
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-08-22
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-22