CVE List - 2024 / February
Showing 2701 - 2784 of 2784 CVEs for February 2024 (Page 28 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-25093 | 2024-02-29 | WordPress GD Rating System Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-25094 | 2024-02-29 | WordPress PJ News Ticker Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-25098 | 2024-02-29 | WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-25594 | 2024-02-29 | WordPress MyWaze Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-1982 | 2024-02-29 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up... |
| CVE-2024-1978 | 2024-02-29 | The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers,... |
| CVE-2024-1981 | 2024-02-29 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter... |
| CVE-2024-23493 | 2024-02-29 | Team associated AD/LDAP Groups Leaked due to missing authorization |
| CVE-2024-23488 | 2024-02-29 | Files of archived channels accessible with the “Allow users to view archived channels” option disabled |
| CVE-2024-1887 | 2024-02-29 | Public channel post content accessible without membership when compliance export is enabled |
| CVE-2024-24988 | 2024-02-29 | Excessive resource consumption when sending long emoji names in user custom status |
| CVE-2024-1888 | 2024-02-29 | Existing server guests invited to the team by members without "invite_guest" permission |
| CVE-2024-1619 | 2024-02-29 | Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a... |
| CVE-2024-1942 | 2024-02-29 | Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the... |
| CVE-2024-1949 | 2024-02-29 | A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation... |
| CVE-2024-1952 | 2024-02-29 | Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update... |
| CVE-2024-1953 | 2024-02-29 | Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to... |
| CVE-2024-27906 | 2024-02-29 | Apache Airflow: Dag Code and Import Error Permissions Ignored |
| CVE-2024-26607 | 2024-02-29 | drm/bridge: sii902x: Fix probing race issue |
| CVE-2024-0864 | 2024-02-29 | RCE in Laragon |
| CVE-2024-2001 | 2024-02-29 | Cross-Site Scripting vulnerability in Cockpit CMS |
| CVE-2023-52485 | 2024-02-29 | drm/amd/display: Wake DMCUB before sending a command |
| CVE-2024-24818 | 2024-02-29 | EspoCRM weakness in "Forgot password" |
| CVE-2023-52486 | 2024-02-29 | drm: Don't unref the same fb many times by mistake due to deadlock handling |
| CVE-2023-52487 | 2024-02-29 | net/mlx5e: Fix peer flow lists handling |
| CVE-2023-52488 | 2024-02-29 | serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO |
| CVE-2023-52489 | 2024-02-29 | mm/sparsemem: fix race in accessing memory_section->usage |
| CVE-2023-52490 | 2024-02-29 | mm: migrate: fix getting incorrect page mapping during page migration |
| CVE-2023-52491 | 2024-02-29 | media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run |
| CVE-2023-52492 | 2024-02-29 | dmaengine: fix NULL pointer in channel unregistration function |
| CVE-2023-52493 | 2024-02-29 | bus: mhi: host: Drop chan lock before queuing buffers |
| CVE-2023-52494 | 2024-02-29 | bus: mhi: host: Add alignment check for event ring read pointer |
| CVE-2023-52495 | 2024-02-29 | soc: qcom: pmic_glink_altmode: fix port sanity check |
| CVE-2023-52497 | 2024-02-29 | erofs: fix lz4 inplace decompression |
| CVE-2023-52498 | 2024-02-29 | PM: sleep: Fix possible deadlocks in core system-wide PM code |
| CVE-2024-26608 | 2024-02-29 | ksmbd: fix global oob in ksmbd_nl_policy |
| CVE-2024-26610 | 2024-02-29 | wifi: iwlwifi: fix a memory corruption |
| CVE-2024-26611 | 2024-02-29 | xsk: fix usage of multi-buffer BPF helpers for ZC XDP |
| CVE-2024-26612 | 2024-02-29 | netfs, fscache: Prevent Oops in fscache_put_cache() |
| CVE-2024-26614 | 2024-02-29 | tcp: make sure init the accept_queue's spinlocks once |
| CVE-2024-26615 | 2024-02-29 | net/smc: fix illegal rmb_desc access in SMC-D connection dump |
| CVE-2024-26616 | 2024-02-29 | btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned |
| CVE-2024-26617 | 2024-02-29 | fs/proc/task_mmu: move mmu notification mechanism inside mm lock |
| CVE-2024-26618 | 2024-02-29 | arm64/sme: Always exit sme_alloc() early with existing storage |
| CVE-2024-26619 | 2024-02-29 | riscv: Fix module loading free order |
| CVE-2024-26620 | 2024-02-29 | s390/vfio-ap: always filter entire AP matrix |
| CVE-2024-20765 | 2024-02-29 | ZDI-CAN-22674: Adobe Acrobat Reader DC PDF File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-6132 | 2024-02-29 | AVEVA Edge products Uncontrolled Search Path Element |
| CVE-2024-27094 | 2024-02-29 | OpenZeppelin Contracts base64 encoding may read from potentially dirty memory |
| CVE-2024-1908 | 2024-02-29 | Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation |
| CVE-2024-2007 | 2024-02-29 | OpenBMB XAgent Privileged Mode sandbox |
| CVE-2024-2009 | 2024-02-29 | Nway Pro Argument index.php ajax_login_submit_form information exposure |
| CVE-2024-1595 | 2024-02-29 | Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Element |
| CVE-2024-0068 | 2024-02-29 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1. |
| CVE-2024-26196 | 2024-02-29 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-2014 | 2024-02-29 | Panabit Panalog sprog_upstatus.php sql injection |
| CVE-2024-2015 | 2024-02-29 | ZhiCms mcontroller.php getindexdata sql injection |
| CVE-2024-2016 | 2024-02-29 | ZhiCms setcontroller.php index code injection |
| CVE-2024-27290 | 2024-02-29 | Docassemble HTML and javascript injection |
| CVE-2024-27291 | 2024-02-29 | Docassemble open redirect |
| CVE-2024-27292 | 2024-02-29 | Docassemble unauthorized access through URL manipulation |
| CVE-2021-46959 | 2024-02-29 | spi: Fix use-after-free with devm_spi_alloc_* |
| CVE-2021-47016 | 2024-02-29 | m68k: mvme147,mvme16x: Don't wipe PCC timer config bits |
| CVE-2021-47020 | 2024-02-29 | soundwire: stream: fix memory leak in stream config error path |
| CVE-2021-47054 | 2024-02-29 | bus: qcom: Put child node before return |
| CVE-2021-47055 | 2024-02-29 | mtd: require write permissions for locking and badblock ioctls |
| CVE-2021-47056 | 2024-02-29 | crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init |
| CVE-2021-47057 | 2024-02-29 | crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map |
| CVE-2021-47058 | 2024-02-29 | regmap: set debugfs_name to NULL after it is freed |
| CVE-2021-47059 | 2024-02-29 | crypto: sun8i-ss - fix result memory leak on error path |
| CVE-2021-47060 | 2024-02-29 | KVM: Stop looking for coalesced MMIO zones if the bus is destroyed |
| CVE-2021-47061 | 2024-02-29 | KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU |
| CVE-2021-47062 | 2024-02-29 | KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs |
| CVE-2021-47063 | 2024-02-29 | drm: bridge/panel: Cleanup connector on bridge detach |
| CVE-2021-47064 | 2024-02-29 | mt76: fix potential DMA mapping leak |
| CVE-2021-47065 | 2024-02-29 | rtw88: Fix array overrun in rtw_get_tx_power_params() |
| CVE-2021-47066 | 2024-02-29 | async_xor: increase src_offs when dropping destination page |
| CVE-2021-47067 | 2024-02-29 | soc/tegra: regulators: Fix locking up when voltage-spread is out of range |
| CVE-2021-47068 | 2024-02-29 | net/nfc: fix use-after-free llcp_sock_bind/connect |
| CVE-2024-27294 | 2024-02-29 | dp-golang Go installation could be owned by wrong user |
| CVE-2024-2021 | 2024-02-29 | Netentsec NS-ASG Application Security Gateway list_localuser.php sql injection |
| CVE-2024-0403 | 2024-02-29 | Recipes 1.5.10 - Blind SSRF |
| CVE-2024-2045 | 2024-02-29 | Session 1.17.5 - LFR via chat attachment |
| CVE-2023-46950 | 2024-03-01 | Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions. |
| CVE-2023-49539 | 2024-03-01 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2023-49540 | 2024-03-01 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2023-49543 | 2024-03-01 | Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating. |
| CVE-2023-49544 | 2024-03-01 | A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php. |
| CVE-2023-49545 | 2024-03-01 | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-52555 | 2024-03-01 | In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection. |
| CVE-2024-22891 | 2024-03-01 | Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. |
| CVE-2024-24511 | 2024-03-01 | Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component. |
| CVE-2024-24512 | 2024-03-01 | Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. |
| CVE-2024-25293 | 2024-03-01 | mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. |
| CVE-2024-25386 | 2024-03-01 | Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. |
| CVE-2024-25434 | 2024-03-01 | A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. |
| CVE-2024-25438 | 2024-03-01 | A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input... |
| CVE-2024-27355 | 2024-03-01 | An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be... |
| CVE-2024-27497 | 2024-03-01 | Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. |
| CVE-2024-27559 | 2024-03-01 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php |