Security Vulnerabilities - CVEs Published In March 2024
In the Linux kernel, the following vulnerability has been resolved:
ALSA: rawmidi - fix the uninitalized user_pversion
The user_pversion was uninitialized for the user space file structure
in the open function, because the file private structure use
kmalloc for the allocation.
The kernel ALSA sequencer code clears the file structure, so no additional
fixes are required.
BugLink: https://github.com/alsa-project/alsa-lib/issues/178
CVSS Score
4.0
EPSS Score
0.0
Published
2024-03-04
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-04
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-03-04
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-04
Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-04
Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-04
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information
CVSS Score
7.4
EPSS Score
0.001
Published
2024-03-04
Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.
CVSS Score
3.0
EPSS Score
0.0
Published
2024-03-04
A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-03-04
Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.
CVSS Score
7.0
EPSS Score
0.001
Published
2024-03-04