Security Vulnerabilities - CVEs Published In April 2024
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-04-03
A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-04-03
A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-04-03
A vulnerability was found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/edit_activity_query.php. The manipulation of the argument title/description/start/end leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259106 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-04-03
A vulnerability was found in SourceCodester Internship Portal Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/add_activity.php. The manipulation of the argument title/description/start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259107.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-04-03
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7.
CVSS Score
10.0
EPSS Score
0.01
Published
2024-04-03
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-04-03
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVSS Score
9.8
EPSS Score
0.903
Published
2024-04-03
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS Score
7.5
EPSS Score
0.286
Published
2024-04-03
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS Score
5.3
EPSS Score
0.174
Published
2024-04-03