U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,234 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31065

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31064

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31063

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.

Published: March 28, 2024; 3:15:49 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31062

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31061

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2947

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28713

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27719

A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25971

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25963

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

Published: March 28, 2024; 3:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25960

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25955

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25954

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25953

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25952

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25946

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Published: March 28, 2024; 3:15:47 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25961

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Published: March 28, 2024; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25959

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.

Published: March 28, 2024; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-42974

A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.

Published: March 28, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)