U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 227,954 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2024-20768

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Published: March 18, 2024; 2:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-20764

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20763

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20762

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-20761

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 2:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-20760

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Published: March 18, 2024; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-20754

Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 2:15:07 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-28054

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

Published: March 18, 2024; 1:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27096

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2390

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2229

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2052

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2051

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2050

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product.

Published: March 18, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27930

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-20757

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 12:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)