U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 227,965 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2024-1753

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

Published: March 18, 2024; 11:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2599

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

Published: March 18, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2598

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Published: March 18, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2597

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Published: March 18, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2596

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Published: March 18, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2595

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Published: March 18, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2594

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Published: March 18, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2593

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

Published: March 18, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2592

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2591

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2590

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2589

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2588

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2587

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2586

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2585

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2584

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Published: March 18, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28547

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.

Published: March 18, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28537

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.

Published: March 18, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27774

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware

Published: March 18, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)