Security Vulnerabilities - CVEs Published In March 2024
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website by sending a crafted request.
CVSS Score: 7.5, EPSS Score: 0.006, Published: 2024-03-06
Buffer overflow vulnerability in eza before version 0.18.2 allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2024-03-06
OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
CVSS Score: 5.4, EPSS Score: 0.017, Published: 2024-03-06
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2024-03-05
An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.
CVSS Score: 6.1, EPSS Score: 0.001, Published: 2024-03-05
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function.
CVSS Score: 9.6, EPSS Score: 0.004, Published: 2024-03-05
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components.
CVSS Score: 9.6, EPSS Score: 0.003, Published: 2024-03-05
An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2024-03-05
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.
CVSS Score: 9.8, EPSS Score: 0.011, Published: 2024-03-05
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low-privileged user to change notification settings configured by an administrator.
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2024-03-05