CVE List - 2024 / February
Showing 2301 - 2400 of 2784 CVEs for February 2024 (Page 24 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-7203 | 2024-02-27 | Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion |
| CVE-2023-6585 | 2024-02-27 | JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE |
| CVE-2023-6584 | 2024-02-27 | JobSearch WP Job Board < 2.3.4 - Authentication Bypass |
| CVE-2023-7198 | 2024-02-27 | WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes |
| CVE-2023-7115 | 2024-02-27 | PageLayer < 1.8.1 - Admin+ Stored XSS |
| CVE-2024-0855 | 2024-02-27 | Spiffy Calendar < 4.9.9 - Broken Access Control |
| CVE-2023-7165 | 2024-02-27 | JetBackup < 2.0.9.9 - Directory Listing Exposing Backups |
| CVE-2024-1106 | 2024-02-27 | Shariff Wrapper < 4.6.10 - Admin+ Stored XSS |
| CVE-2023-51518 | 2024-02-27 | Apache James server: Privilege escalation via JMX pre-authentication deserialisation |
| CVE-2021-46921 | 2024-02-27 | locking/qrwlock: Fix ordering in queued_write_lock_slowpath() |
| CVE-2021-46922 | 2024-02-27 | KEYS: trusted: Fix TPM reservation for seal/unseal |
| CVE-2021-46923 | 2024-02-27 | fs/mount_setattr: always cleanup mount_kattr |
| CVE-2021-46924 | 2024-02-27 | NFC: st21nfca: Fix memory leak in device probe and remove |
| CVE-2021-46925 | 2024-02-27 | net/smc: fix kernel panic caused by race of smc_sock |
| CVE-2021-46926 | 2024-02-27 | ALSA: hda: intel-sdw-acpi: harden detection of controller |
| CVE-2021-46927 | 2024-02-27 | nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert |
| CVE-2021-46928 | 2024-02-27 | parisc: Clear stale IIR value on instruction access rights trap |
| CVE-2021-46929 | 2024-02-27 | sctp: use call_rcu to free endpoint |
| CVE-2021-46930 | 2024-02-27 | usb: mtu3: fix list_head check warning |
| CVE-2021-46931 | 2024-02-27 | net/mlx5e: Wrap the tx reporter dump callback to extract the sq |
| CVE-2021-46932 | 2024-02-27 | Input: appletouch - initialize work before device registration |
| CVE-2021-46933 | 2024-02-27 | usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. |
| CVE-2021-46934 | 2024-02-27 | i2c: validate user data in compat ioctl |
| CVE-2021-46935 | 2024-02-27 | binder: fix async_free_space accounting for empty parcels |
| CVE-2021-46936 | 2024-02-27 | net: fix use-after-free in tw_timer_handler |
| CVE-2021-46937 | 2024-02-27 | mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' |
| CVE-2023-5993 | 2024-02-27 | Privilege Escalation in SafeNet Authentication Client Installer |
| CVE-2023-7016 | 2024-02-27 | Privilege Escalation in SafeNet Authentication Client |
| CVE-2024-1907 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-1653 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This... |
| CVE-2024-1909 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-1912 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-1906 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-1652 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4.... |
| CVE-2024-1910 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-1649 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4.... |
| CVE-2024-1650 | 2024-02-27 | The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4.... |
| CVE-2024-0197 | 2024-02-27 | Privilege Escalation in Thales SafeNet Sentinel HASP LDK |
| CVE-2024-1918 | 2024-02-27 | Byzoro Smart S42 Management Platform userattestation.php unrestricted upload |
| CVE-2023-51747 | 2024-02-27 | SMTP smuggling in Apache James |
| CVE-2024-1919 | 2024-02-27 | SourceCodester Online Job Portal Manage Walkin Page ManageWalkin.php cross site scripting |
| CVE-2024-1920 | 2024-02-27 | osuuu LightPicture TokenVerify.php handle hard-coded key |
| CVE-2024-0819 | 2024-02-27 | Incomplete protection of personal password settings |
| CVE-2024-0551 | 2024-02-27 | Download and export of file via default user role |
| CVE-2024-27905 | 2024-02-27 | Apache Aurora: padding oracle can allow construction an authentication cookie |
| CVE-2024-1921 | 2024-02-27 | osuuu LightPicture Setup.php unrestricted upload |
| CVE-2024-26142 | 2024-02-27 | Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch |
| CVE-2024-1922 | 2024-02-27 | SourceCodester Online Job Portal Manage Job Page ManageJob.php cross site scripting |
| CVE-2024-26143 | 2024-02-27 | Rails Possible XSS Vulnerability in Action Controller |
| CVE-2024-1403 | 2024-02-27 | Authentication Bypass in OpenEdge Authentication Gateway and AdminServer |
| CVE-2024-26144 | 2024-02-27 | Possible Sensitive Session Information Leak in Active Storage |
| CVE-2024-1923 | 2024-02-27 | SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection |
| CVE-2024-21742 | 2024-02-27 | Apache James Mime4J: Mime4J DOM header injection |
| CVE-2024-1924 | 2024-02-27 | CodeAstro Membership Management System get_membership_amount.php sql injection |
| CVE-2023-48678 | 2024-02-27 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
| CVE-2023-48679 | 2024-02-27 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
| CVE-2023-48680 | 2024-02-27 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. |
| CVE-2023-50380 | 2024-02-27 | Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server |
| CVE-2023-48681 | 2024-02-27 | Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
| CVE-2023-48682 | 2024-02-27 | Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
| CVE-2024-1925 | 2024-02-27 | Ctcms Upsys.php unrestricted upload |
| CVE-2024-1926 | 2024-02-27 | SourceCodester Free and Open Source Inventory Management System search_sales_report.php sql injection |
| CVE-2024-1927 | 2024-02-27 | SourceCodester Web-Based Student Clearance System login.php sql injection |
| CVE-2024-1928 | 2024-02-27 | SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection |
| CVE-2024-22251 | 2024-02-27 | Out-of-bounds read vulnerability |
| CVE-2024-1722 | 2024-02-27 | Keycloak-core: dos via account lockout |
| CVE-2020-36776 | 2024-02-27 | thermal/drivers/cpufreq_cooling: Fix slab OOB issue |
| CVE-2020-36777 | 2024-02-27 | media: dvbdev: Fix memory leak in dvb_media_device_free() |
| CVE-2021-46938 | 2024-02-27 | dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails |
| CVE-2021-46939 | 2024-02-27 | tracing: Restructure trace_clock_global() to never block |
| CVE-2021-46940 | 2024-02-27 | tools/power turbostat: Fix offset overflow issue in index converting |
| CVE-2021-46941 | 2024-02-27 | usb: dwc3: core: Do core softreset when switch mode |
| CVE-2021-46942 | 2024-02-27 | io_uring: fix shared sqpoll cancellation hangs |
| CVE-2021-46943 | 2024-02-27 | media: staging/intel-ipu3: Fix set_fmt error handling |
| CVE-2021-46944 | 2024-02-27 | media: staging/intel-ipu3: Fix memory leak in imu_fmt |
| CVE-2021-46945 | 2024-02-27 | ext4: always panic when errors=panic is specified |
| CVE-2021-46947 | 2024-02-27 | sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues |
| CVE-2021-46948 | 2024-02-27 | sfc: farch: fix TX queue lookup in TX event handling |
| CVE-2021-46949 | 2024-02-27 | sfc: farch: fix TX queue lookup in TX flush done handling |
| CVE-2021-46950 | 2024-02-27 | md/raid1: properly indicate failure when ending a failed write request |
| CVE-2021-46951 | 2024-02-27 | tpm: efi: Use local variable for calculating final log size |
| CVE-2021-46952 | 2024-02-27 | NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds |
| CVE-2021-46953 | 2024-02-27 | ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure |
| CVE-2021-46954 | 2024-02-27 | net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets |
| CVE-2021-46955 | 2024-02-27 | openvswitch: fix stack OOB read while fragmenting IPv4 packets |
| CVE-2021-46956 | 2024-02-27 | virtiofs: fix memory leak in virtio_fs_probe() |
| CVE-2021-46957 | 2024-02-27 | riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe |
| CVE-2021-46958 | 2024-02-27 | btrfs: fix race between transaction aborts and fsyncs leading to use-after-free |
| CVE-2021-46960 | 2024-02-27 | cifs: Return correct error code from smb2_get_enc_key |
| CVE-2021-46961 | 2024-02-27 | irqchip/gic-v3: Do not enable irqs when handling spurious interrups |
| CVE-2021-46962 | 2024-02-27 | mmc: uniphier-sd: Fix a resource leak in the remove function |
| CVE-2021-46963 | 2024-02-27 | scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() |
| CVE-2021-46964 | 2024-02-27 | scsi: qla2xxx: Reserve extra IRQ vectors |
| CVE-2021-46965 | 2024-02-27 | mtd: physmap: physmap-bt1-rom: Fix unintentional stack access |
| CVE-2021-46966 | 2024-02-27 | ACPI: custom_method: fix potential use-after-free issue |
| CVE-2021-46967 | 2024-02-27 | vhost-vdpa: fix vm_flags for virtqueue doorbell mapping |
| CVE-2021-46968 | 2024-02-27 | s390/zcrypt: fix zcard and zqueue hot-unplug memleak |
| CVE-2021-46969 | 2024-02-27 | bus: mhi: core: Fix invalid error returning in mhi_queue |
| CVE-2021-46970 | 2024-02-27 | bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue |
| CVE-2021-46971 | 2024-02-27 | perf/core: Fix unconditional security_locked_down() call |