Security Vulnerabilities - CVEs Published In March 2024
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255381 was assigned to this vulnerability.
CVSS Score
2.4
EPSS Score
0.004
Published
2024-03-01
LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-03-01
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.
CVSS Score
4.3
EPSS Score
0.005
Published
2024-03-01
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
CVSS Score
6.1
EPSS Score
0.006
Published
2024-03-01
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-03-01