Security Vulnerabilities - CVEs Published In February 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-02-28
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-02-28
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-02-28
Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-28
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255128.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-02-28
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.
CVSS Score
8.1
EPSS Score
0.007
Published
2024-02-28
SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-28
SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.
CVSS Score
3.8
EPSS Score
0.001
Published
2024-02-28
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-02-28
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-02-28