CVE List - 2024 / February
Showing 2401 - 2500 of 2784 CVEs for February 2024 (Page 25 of 28)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-46972 | 2024-02-27 | ovl: fix leaked dentry |
| CVE-2021-46973 | 2024-02-27 | net: qrtr: Avoid potential use after free in MHI send |
| CVE-2021-46974 | 2024-02-27 | bpf: Fix masking negation logic upon negative dst register |
| CVE-2024-27099 | 2024-02-27 | Azure IoT Platform Device SDK Double Free Vulnerability |
| CVE-2024-0763 | 2024-02-27 | Improper validation of document removal parameter |
| CVE-2024-26294 | 2024-02-27 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2024-26295 | 2024-02-27 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2024-26296 | 2024-02-27 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2024-26297 | 2024-02-27 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2024-26298 | 2024-02-27 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2024-26299 | 2024-02-27 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of... |
| CVE-2024-26300 | 2024-02-27 | A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the... |
| CVE-2024-26301 | 2024-02-27 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker... |
| CVE-2024-26302 | 2024-02-27 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker... |
| CVE-2023-43769 | 2024-02-28 | An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics. |
| CVE-2023-45859 | 2024-02-28 | In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users... |
| CVE-2023-45873 | 2024-02-28 | An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exit) because of the OOM killer. |
| CVE-2023-49338 | 2024-02-28 | Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost. |
| CVE-2023-49931 | 2024-02-28 | An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. |
| CVE-2023-49932 | 2024-02-28 | An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions. |
| CVE-2023-50436 | 2024-02-28 | An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5. |
| CVE-2023-50437 | 2024-02-28 | An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2. |
| CVE-2023-52047 | 2024-02-28 | Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager. |
| CVE-2023-52048 | 2024-02-28 | RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/. |
| CVE-2024-22532 | 2024-02-28 | Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. |
| CVE-2024-22723 | 2024-02-28 | Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/'... |
| CVE-2024-23302 | 2024-02-28 | Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. |
| CVE-2024-24147 | 2024-02-28 | A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2024-24148 | 2024-02-28 | A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2024-24149 | 2024-02-28 | A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2024-24155 | 2024-02-28 | Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This... |
| CVE-2024-25170 | 2024-02-28 | An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. |
| CVE-2024-25351 | 2024-02-28 | SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter. |
| CVE-2024-25830 | 2024-02-28 | F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the... |
| CVE-2024-25831 | 2024-02-28 | F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web... |
| CVE-2024-25833 | 2024-02-28 | F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. |
| CVE-2024-25859 | 2024-02-28 | A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. |
| CVE-2024-25866 | 2024-02-28 | A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. |
| CVE-2024-25867 | 2024-02-28 | A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php... |
| CVE-2024-25868 | 2024-02-28 | A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component. |
| CVE-2024-25869 | 2024-02-28 | An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the... |
| CVE-2024-26450 | 2024-02-28 | An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored... |
| CVE-2024-26476 | 2024-02-28 | An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. |
| CVE-2024-26559 | 2024-02-28 | An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. |
| CVE-2024-27515 | 2024-02-28 | Osclass 5.1.2 is vulnerable to SQL Injection. |
| CVE-2024-27516 | 2024-02-28 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. |
| CVE-2024-27517 | 2024-02-28 | Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions. |
| CVE-2023-45874 | 2024-02-28 | An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads). |
| CVE-2023-49930 | 2024-02-28 | An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted. |
| CVE-2024-22983 | 2024-02-28 | SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. |
| CVE-2024-24146 | 2024-02-28 | A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2024-24150 | 2024-02-28 | A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2024-25169 | 2024-02-28 | An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. |
| CVE-2024-25202 | 2024-02-28 | Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. |
| CVE-2024-25350 | 2024-02-28 | SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. |
| CVE-2024-25422 | 2024-02-28 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. |
| CVE-2024-25435 | 2024-02-28 | A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. |
| CVE-2024-25832 | 2024-02-28 | F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. |
| CVE-2024-26342 | 2024-02-28 | A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet. |
| CVE-2024-27913 | 2024-02-28 | ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted... |
| CVE-2024-1892 | 2024-02-28 | ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider |
| CVE-2024-1932 | 2024-02-28 | Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout |
| CVE-2023-50303 | 2024-02-28 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-50734 | 2024-02-28 | A vulnerability has been identified in the PostScript interpreter in various Lexmark devices. |
| CVE-2023-50735 | 2024-02-28 | A vulnerability has been identified in the PostScript interpreter in various Lexmark devices. |
| CVE-2023-50736 | 2024-02-28 | A vulnerability has been identified in the PostScript interpreter in various Lexmark devices. |
| CVE-2023-50737 | 2024-02-28 | An input validation vulnerability in the SE Menu allows an attacker to execute arbitrary code. |
| CVE-2024-0550 | 2024-02-28 | Privileged User using traversal to read system files |
| CVE-2024-1568 | 2024-02-28 | The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated... |
| CVE-2024-1388 | 2024-02-28 | The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13.... |
| CVE-2024-1943 | 2024-02-28 | The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36778 | 2024-02-28 | i2c: xiic: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36779 | 2024-02-28 | i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36780 | 2024-02-28 | i2c: sprd: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36781 | 2024-02-28 | i2c: imx: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36782 | 2024-02-28 | i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36783 | 2024-02-28 | i2c: img-scb: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36784 | 2024-02-28 | i2c: cadence: fix reference leak when pm_runtime_get_sync fails |
| CVE-2020-36785 | 2024-02-28 | media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() |
| CVE-2020-36786 | 2024-02-28 | media: [next] staging: media: atomisp: fix memory leak of object flash |
| CVE-2020-36787 | 2024-02-28 | media: aspeed: fix clock handling logic |
| CVE-2021-46976 | 2024-02-28 | drm/i915: Fix crash in auto_retire |
| CVE-2021-46977 | 2024-02-28 | KVM: VMX: Disable preemption when probing user return MSRs |
| CVE-2021-46978 | 2024-02-28 | KVM: nVMX: Always make an attempt to map eVMCS after migration |
| CVE-2021-46979 | 2024-02-28 | iio: core: fix ioctl handlers removal |
| CVE-2021-46980 | 2024-02-28 | usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 |
| CVE-2021-46981 | 2024-02-28 | nbd: Fix NULL pointer in flush_workqueue |
| CVE-2021-46982 | 2024-02-28 | f2fs: compress: fix race condition of overwrite vs truncate |
| CVE-2021-46983 | 2024-02-28 | nvmet-rdma: Fix NULL deref when SEND is completed with error |
| CVE-2021-46984 | 2024-02-28 | kyber: fix out of bounds access when preempted |
| CVE-2021-46985 | 2024-02-28 | ACPI: scan: Fix a memory leak in an error handling path |
| CVE-2021-46986 | 2024-02-28 | usb: dwc3: gadget: Free gadget structure only after freeing endpoints |
| CVE-2021-46987 | 2024-02-28 | btrfs: fix deadlock when cloning inline extents and using qgroups |
| CVE-2021-46988 | 2024-02-28 | userfaultfd: release page in error path to avoid BUG_ON |
| CVE-2021-46989 | 2024-02-28 | hfsplus: prevent corruption in shrinking truncate |
| CVE-2021-46990 | 2024-02-28 | powerpc/64s: Fix crashes when toggling entry flush barrier |
| CVE-2021-46991 | 2024-02-28 | i40e: Fix use-after-free in i40e_client_subtask() |
| CVE-2021-46992 | 2024-02-28 | netfilter: nftables: avoid overflows in nft_hash_buckets() |
| CVE-2021-46993 | 2024-02-28 | sched: Fix out-of-bound access in uclamp |
| CVE-2021-46994 | 2024-02-28 | can: mcp251x: fix resume from sleep before interface was brought up |