CVE List - 2024 / February
Showing 801 - 900 of 2784 CVEs for February 2024 (Page 9 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-1122 | 2024-02-09 | The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data()... |
| CVE-2024-0842 | 2024-02-09 | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct... |
| CVE-2024-0657 | 2024-02-09 | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and... |
| CVE-2024-0229 | 2024-02-09 | Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access |
| CVE-2024-21762 | 2024-02-09 | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2,... |
| CVE-2024-22119 | 2024-02-09 | Stored XSS in graph items select form |
| CVE-2023-6724 | 2024-02-09 | IDOR in Simgesel Software's Hearing Tracking System (Barosel) |
| CVE-2023-6677 | 2024-02-09 | SQLi in Oduyo Online Collection Software |
| CVE-2024-23319 | 2024-02-09 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) |
| CVE-2024-24774 | 2024-02-09 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) |
| CVE-2024-24776 | 2024-02-09 | Incorrect Authorization leads to Channel Member Count Leak |
| CVE-2024-1402 | 2024-02-09 | Denial of service in mattermost mobile apps and server via emoji reactions |
| CVE-2023-50386 | 2024-02-09 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets |
| CVE-2023-50298 | 2024-02-09 | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions |
| CVE-2023-50292 | 2024-02-09 | Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users |
| CVE-2023-50291 | 2024-02-09 | Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords |
| CVE-2024-1247 | 2024-02-09 | Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field |
| CVE-2024-1246 | 2024-02-09 | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature |
| CVE-2024-1245 | 2024-02-09 | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes |
| CVE-2023-50349 | 2024-02-09 | HCL Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-45716 | 2024-02-09 | HCL Sametime is impacted by a sensitive information disclosure |
| CVE-2023-45718 | 2024-02-09 | HCL Sametime is impacted by a failure to invalidate sessions |
| CVE-2024-21624 | 2024-02-09 | Potential Information Leak in User-Constructed Message Templates in nonebot2 |
| CVE-2024-24828 | 2024-02-09 | Local Privilege Escalation in executables bundled by pkg |
| CVE-2023-6935 | 2024-02-09 | Marvin Attack vulnerability in SP Math All RSA |
| CVE-2024-25109 | 2024-02-09 | Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki |
| CVE-2024-1404 | 2024-02-09 | Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure |
| CVE-2024-23327 | 2024-02-09 | Crash in proxy protocol when command type of LOCAL in Envoy |
| CVE-2024-23325 | 2024-02-09 | Envoy crashes when using an address type that isn’t supported by the OS |
| CVE-2024-23324 | 2024-02-09 | Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata |
| CVE-2024-23323 | 2024-02-09 | Excessive CPU usage when URI template matcher is configured using regex in Envoy |
| CVE-2024-23322 | 2024-02-09 | Envoy crashes when idle and request per try timeout occur within the backoff interval |
| CVE-2023-45696 | 2024-02-10 | HCL Sametime is impacted by an autocomplete enabled vulnerability |
| CVE-2023-28077 | 2024-02-10 | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally... |
| CVE-2023-45698 | 2024-02-10 | HCL Sametime is impacted by clickjacking |
| CVE-2024-21490 | 2024-02-10 | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With... |
| CVE-2024-1405 | 2024-02-10 | Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure |
| CVE-2024-0594 | 2024-02-10 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up... |
| CVE-2024-0595 | 2024-02-10 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX... |
| CVE-2024-0596 | 2024-02-10 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html() |
| CVE-2024-1406 | 2024-02-10 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure |
| CVE-2024-24831 | 2024-02-10 | WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24804 | 2024-02-10 | WordPress MW WP Form Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24803 | 2024-02-10 | WordPress Ultra Companion Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24801 | 2024-02-10 | WordPress OWL Carousel Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24717 | 2024-02-10 | WordPress Beds24 Online Booking Plugin <= 2.0.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24713 | 2024-02-10 | WordPress Auto Listings Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24712 | 2024-02-10 | WordPress Heateor Social Login Plugin <= 1.1.30 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23517 | 2024-02-10 | WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23516 | 2024-02-10 | WordPress CC BMI Calculator Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23514 | 2024-02-10 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51493 | 2024-02-10 | WordPress Custom Post Carousels with Owl Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51492 | 2024-02-10 | WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51488 | 2024-02-10 | WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51485 | 2024-02-10 | WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51480 | 2024-02-10 | WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51415 | 2024-02-10 | WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51404 | 2024-02-10 | WordPress My Agile Privacy Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22361 | 2024-02-10 | IBM Semeru Runtime information disclosure |
| CVE-2023-50957 | 2024-02-10 | IBM Storage Defender - Resiliency Service privilege escalation |
| CVE-2024-22312 | 2024-02-10 | IBM Storage Defender - Resiliency Service information disclosure |
| CVE-2024-22313 | 2024-02-10 | IBM Storage Defender - Resiliency Service information disclosure |
| CVE-2023-52427 | 2024-02-11 | In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to... |
| CVE-2023-52428 | 2024-02-11 | In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2)... |
| CVE-2024-23724 | 2024-02-11 | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact... |
| CVE-2024-25714 | 2024-02-11 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the... |
| CVE-2024-25728 | 2024-02-11 | ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead... |
| CVE-2024-25417 | 2024-02-11 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. |
| CVE-2024-25418 | 2024-02-11 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. |
| CVE-2024-25419 | 2024-02-11 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. |
| CVE-2024-25711 | 2024-02-11 | diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because... |
| CVE-2024-25712 | 2024-02-11 | http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is... |
| CVE-2024-25713 | 2024-02-11 | yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator,... |
| CVE-2024-25715 | 2024-02-11 | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. |
| CVE-2024-25718 | 2024-02-11 | In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it,... |
| CVE-2024-25722 | 2024-02-11 | qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. |
| CVE-2024-1430 | 2024-02-11 | Netgear R7000 Web Management Interface currentsetting.htm information disclosure |
| CVE-2024-1431 | 2024-02-11 | Netgear R7000 Web Management Interface debuginfo.htm information disclosure |
| CVE-2024-1432 | 2024-02-11 | DeepFaceLab main.py apply_xseg deserialization |
| CVE-2024-21875 | 2024-02-11 | DoS attack when broadcasting billboard messages |
| CVE-2024-1151 | 2024-02-11 | Kernel: stack overflow problem in open vswitch kernel module leading to dos |
| CVE-2024-1433 | 2024-02-11 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal |
| CVE-2024-23761 | 2024-02-12 | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. |
| CVE-2024-25360 | 2024-02-12 | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. |
| CVE-2023-52429 | 2024-02-12 | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. |
| CVE-2023-52430 | 2024-02-12 | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. |
| CVE-2024-23759 | 2024-02-12 | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the Parcelshopfinder/AddAddressBookEntry function. |
| CVE-2024-23760 | 2024-02-12 | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. |
| CVE-2024-23762 | 2024-02-12 | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. |
| CVE-2024-23763 | 2024-02-12 | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. |
| CVE-2024-24337 | 2024-02-12 | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget'... |
| CVE-2024-25739 | 2024-02-12 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. |
| CVE-2024-25740 | 2024-02-12 | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. |
| CVE-2024-25741 | 2024-02-12 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. |
| CVE-2024-25744 | 2024-02-12 | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. |
| CVE-2024-24933 | 2024-02-12 | WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24932 | 2024-02-12 | WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24931 | 2024-02-12 | WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24930 | 2024-02-12 | WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24928 | 2024-02-12 | WordPress Content Cards Plugin <= 0.9.7 is vulnerable to Cross Site Scripting (XSS) |