Security Vulnerabilities - CVEs Published In November 2024
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-11-22
Possible Reflected Cross-Site Scripting (XSS) Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-11-22
Possible XSS in iManager URL for access Component has been discovered in
OpenText™ iManager 3.2.5.0000.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-11-22
Possible
External Service Interaction attack
in iManager has been discovered in
OpenText™ iManager 3.2.6.0000.
CVSS Score
8.6
EPSS Score
0.001
Published
2024-11-22
Possible XSS in iManager URL for access Component has been discovered in
OpenText™ iManager 3.2.6.0000.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-11-22
Possible XML External Entity Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0200.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-22
Possible Command Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0000.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-11-22
Possible Elevation of Privilege Vulnerability
in iManager has been discovered in
OpenText™ iManager. This impacts all versions before 3.2.5
CVSS Score
8.8
EPSS Score
0.001
Published
2024-11-22
Possible Command injection Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-11-22
Possible improper input validation Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-11-22