Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
CVSS Score
8.4
EPSS Score
0.554
Published
2024-03-22
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
CVSS Score
9.8
EPSS Score
0.229
Published
2024-03-22
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
CVSS Score
8.4
EPSS Score
0.047
Published
2024-03-22
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.
CVSS Score
6.3
EPSS Score
0.006
Published
2024-03-22
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-03-22
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.
CVSS Score
5.4
EPSS Score
0.005
Published
2024-03-22
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS Score
8.2
EPSS Score
0.002
Published
2024-03-22
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
CVSS Score
3.8
EPSS Score
0.002
Published
2024-03-22
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-22
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-03-22


Contact Us

Shodan ® - All rights reserved