Security Vulnerabilities - CVEs Published In March 2024
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as adding a booking to the calendar without paying.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-20
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface can be abused by an attacker to get a better understanding of the operating system.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-20


Shodan ® - All rights reserved