U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,237 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-28091

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion).

Published: March 28, 2024; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28090

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp.

Published: March 28, 2024; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25506

Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.

Published: March 28, 2024; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31065

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31064

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31063

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31062

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31061

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2947

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28713

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27719

A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25971

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25963

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25960

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25955

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25954

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25953

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25952

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25946

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)