Security Vulnerabilities - CVEs Published In February 2024
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-02-27
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-27
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-02-27
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
CVSS Score
7.5
EPSS Score
0.032
Published
2024-02-27
An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-02-27
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-27
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-27
SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-26
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.
CVSS Score
9.8
EPSS Score
0.046
Published
2024-02-26
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, or a 404 error will result. Similarly, if the stored provider token does not have repo access, then the remediations will not apply successfully. Lastly, it appears that reconciliation actions do not execute against repos with this type of mismatch. This appears to primarily be a potential denial-of-service vulnerability. This vulnerability is patched in version 0.20240226.1425+ref.53868a8.
CVSS Score
4.6
EPSS Score
0.002
Published
2024-02-26