Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-27104 |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13. Published: March 18, 2024; 1:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27098 |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13. Published: March 18, 2024; 1:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27096 |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13. Published: March 18, 2024; 1:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2390 |
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. Published: March 18, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2229 |
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. Published: March 18, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2052 |
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location. Published: March 18, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2051 |
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. Published: March 18, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2050 |
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product. Published: March 18, 2024; 12:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27937 |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13. Published: March 18, 2024; 12:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27930 |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13. Published: March 18, 2024; 12:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-20757 |
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 12:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20756 |
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20755 |
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20752 |
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-1658 |
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: March 18, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1333 |
The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks Published: March 18, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1331 |
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22257 |
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-20746 |
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20745 |
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |