Security Vulnerabilities - CVEs Published In March 2024
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-21
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-03-21
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-03-21
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-03-21
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-03-21
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVSS Score
4.2
EPSS Score
0.0
Published
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-03-21
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-03-21
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-03-21
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-03-21