CVE List - 2024 / February
Showing 301 - 400 of 2784 CVEs for February 2024 (Page 4 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20007 | 2024-02-05 | In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-20009 | 2024-02-05 | In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges... |
| CVE-2024-20010 | 2024-02-05 | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2024-20011 | 2024-02-05 | In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction... |
| CVE-2024-20003 | 2024-02-05 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection... |
| CVE-2024-20012 | 2024-02-05 | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2024-20013 | 2024-02-05 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20015 | 2024-02-05 | In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-20016 | 2024-02-05 | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction... |
| CVE-2024-20001 | 2024-02-05 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20002 | 2024-02-05 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20004 | 2024-02-05 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection... |
| CVE-2024-24866 | 2024-02-05 | WordPress Biteship Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24865 | 2024-02-05 | WordPress Scroll Triggered Box Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24848 | 2024-02-05 | WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24847 | 2024-02-05 | WordPress CalculatorPro Calculators Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24846 | 2024-02-05 | WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24841 | 2024-02-05 | WordPress Add Customer for WooCommerce Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24839 | 2024-02-05 | WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24838 | 2024-02-05 | WordPress Five Star Restaurant Reviews Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-7077 | 2024-02-05 | Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows... |
| CVE-2024-22386 | 2024-02-05 | Race condition vulnerability in Linux kernel drm/exynos exynos_drm_crtc_atomic_disable |
| CVE-2024-23196 | 2024-02-05 | Race condition vulnerability in Linux kernel sound/hda snd_hdac_regmap_sync |
| CVE-2024-24855 | 2024-02-05 | Race condition vulnerability in Linux kernel scsi device driver lpfc_unregister_fcf_rescan() |
| CVE-2024-24861 | 2024-02-05 | Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency() |
| CVE-2024-24860 | 2024-02-05 | Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set() |
| CVE-2024-24859 | 2024-02-05 | Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set() |
| CVE-2024-24858 | 2024-02-05 | Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set() |
| CVE-2024-24857 | 2024-02-05 | Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set() |
| CVE-2024-24864 | 2024-02-05 | Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write() |
| CVE-2021-4436 | 2024-02-05 | 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload |
| CVE-2023-5643 | 2024-02-05 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2023-5249 | 2024-02-05 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2024-1225 | 2024-02-05 | QiboSoft QiboCMS X1 Pay.php rmb_pay deserialization |
| CVE-2024-23109 | 2024-02-05 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and... |
| CVE-2024-23108 | 2024-02-05 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and... |
| CVE-2024-24762 | 2024-02-05 | python-multipart vulnerable to content-type header Regular expression Denial of Service |
| CVE-2023-52138 | 2024-02-05 | Path traversal via crafted cpio archives in Engrampa archivers |
| CVE-2024-24768 | 2024-02-05 | 1Panel set-cookie is missing the Secure keyword |
| CVE-2023-7216 | 2024-02-05 | Cpio: extraction allows symlinks which enables remote command execution |
| CVE-2024-0323 | 2024-02-05 | FTP uses unsecure encryption mechanisms |
| CVE-2024-0953 | 2024-02-05 | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may... |
| CVE-2023-6028 | 2024-02-05 | SDM Web interface vulnerable to XSS |
| CVE-2023-6874 | 2024-02-05 | Zigbee Unauthenticated DoS via NWK Sequence number manipulation |
| CVE-2024-22202 | 2024-02-05 | User Removal Page Allows Spoofing Of User Details |
| CVE-2024-24807 | 2024-02-05 | Sulu is vulnerable to HTML Injection via Autocomplete Suggestion |
| CVE-2023-27318 | 2024-02-05 | Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) |
| CVE-2024-1052 | 2024-02-05 | Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering |
| CVE-2024-22208 | 2024-02-05 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes |
| CVE-2024-0202 | 2024-02-05 | Cryptlib: rsa key exchange ciphersuites in tls vulnerable to marvin attack |
| CVE-2023-50781 | 2024-02-05 | M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657 |
| CVE-2023-50782 | 2024-02-05 | Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 |
| CVE-2024-24574 | 2024-02-05 | phpMyFAQ vulnerable to stored XSS on attachments filename |
| CVE-2024-24559 | 2024-02-05 | Vyper SHA3 code generation bug |
| CVE-2024-24595 | 2024-02-05 | Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. |
| CVE-2024-0448 | 2024-02-05 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to... |
| CVE-2023-6989 | 2024-02-05 | The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the... |
| CVE-2023-6983 | 2024-02-05 | The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,... |
| CVE-2024-0699 | 2024-02-05 | The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in... |
| CVE-2024-0797 | 2024-02-05 | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several... |
| CVE-2024-0254 | 2024-02-05 | The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient... |
| CVE-2024-0791 | 2024-02-05 | The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on... |
| CVE-2024-0869 | 2024-02-05 | The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that... |
| CVE-2024-0761 | 2024-02-05 | The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use... |
| CVE-2024-0659 | 2024-02-05 | The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in... |
| CVE-2024-0382 | 2024-02-05 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of... |
| CVE-2023-6985 | 2024-02-05 | The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action... |
| CVE-2024-0324 | 2024-02-05 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability... |
| CVE-2023-6526 | 2024-02-05 | The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions... |
| CVE-2024-0372 | 2024-02-05 | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check... |
| CVE-2024-0823 | 2024-02-05 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due... |
| CVE-2023-6982 | 2024-02-05 | The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all... |
| CVE-2024-0374 | 2024-02-05 | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,... |
| CVE-2024-0221 | 2024-02-05 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This... |
| CVE-2024-0370 | 2024-02-05 | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... |
| CVE-2024-0585 | 2024-02-05 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in... |
| CVE-2023-6700 | 2024-02-05 | The Cookie Information \| Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions... |
| CVE-2024-0859 | 2024-02-05 | The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on... |
| CVE-2023-6635 | 2024-02-05 | The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes... |
| CVE-2024-0380 | 2024-02-05 | The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it... |
| CVE-2024-0691 | 2024-02-05 | The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output... |
| CVE-2024-0796 | 2024-02-05 | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This... |
| CVE-2023-7014 | 2024-02-05 | The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via... |
| CVE-2024-0255 | 2024-02-05 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input... |
| CVE-2024-0835 | 2024-02-05 | The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and... |
| CVE-2024-1210 | 2024-02-05 | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to... |
| CVE-2024-1177 | 2024-02-05 | The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in... |
| CVE-2024-0790 | 2024-02-05 | The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due... |
| CVE-2024-0834 | 2024-02-05 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization... |
| CVE-2024-0509 | 2024-02-05 | The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due... |
| CVE-2024-0961 | 2024-02-05 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization... |
| CVE-2024-1209 | 2024-02-05 | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded... |
| CVE-2024-0678 | 2024-02-05 | The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to... |
| CVE-2024-0384 | 2024-02-05 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and... |
| CVE-2023-6959 | 2024-02-05 | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to,... |
| CVE-2024-1075 | 2024-02-05 | The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is... |
| CVE-2024-1072 | 2024-02-05 | The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing... |
| CVE-2024-1046 | 2024-02-05 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field'... |
| CVE-2024-1121 | 2024-02-05 | The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to,... |
| CVE-2024-0954 | 2024-02-05 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper... |