CVE List - 2024 / February
Showing 201 - 300 of 2784 CVEs for February 2024 (Page 3 of 28)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-41276 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41277 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41278 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41279 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41280 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41281 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41282 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41283 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41292 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45025 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45026 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45027 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45028 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45035 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45036 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-45037 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-47561 | 2024-02-02 | Photo Station |
| CVE-2023-47562 | 2024-02-02 | Photo Station |
| CVE-2023-47564 | 2024-02-02 | Qsync Central |
| CVE-2023-47566 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-47567 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-47568 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-50359 | 2024-02-02 | QTS, QuTS hero |
| CVE-2024-24560 | 2024-02-02 | Vyper external calls can overflow return data to return input buffer |
| CVE-2024-23635 | 2024-02-02 | AntiSamy malicious input can provoke XSS when preserving comments |
| CVE-2024-1186 | 2024-02-02 | Munsoft Easy Archive Recovery Registration Key denial of service |
| CVE-2024-1187 | 2024-02-02 | Munsoft Easy Outlook Express Recovery Registration Key denial of service |
| CVE-2024-1188 | 2024-02-02 | Rizone Soft Notepad3 Encryption Passphrase denial of service |
| CVE-2023-37527 | 2024-02-02 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform |
| CVE-2024-1189 | 2024-02-02 | AMPPS Encryption Passphrase denial of service |
| CVE-2024-1190 | 2024-02-02 | Global Scape CuteFTP denial of service |
| CVE-2024-1191 | 2024-02-02 | Hyper CdCatalog HCF File denial of service |
| CVE-2023-37529 | 2024-02-02 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform |
| CVE-2024-1192 | 2024-02-02 | South River WebDrive New Secure WebDAV denial of service |
| CVE-2023-37530 | 2024-02-02 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform |
| CVE-2023-37531 | 2024-02-02 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform |
| CVE-2024-1193 | 2024-02-02 | Navicat MySQL Connection denial of service |
| CVE-2024-1194 | 2024-02-02 | Armcode AlienIP Locate Host denial of service |
| CVE-2024-23553 | 2024-02-02 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform |
| CVE-2024-1195 | 2024-02-02 | iTop VPN IOCTL ITopVpnCallbackProcess.sys denial of service |
| CVE-2024-1196 | 2024-02-02 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting |
| CVE-2024-1197 | 2024-02-02 | SourceCodester Testimonial Page Manager HTTP GET Request delete-testimonial.php sql injection |
| CVE-2024-1198 | 2024-02-02 | openBI Phar User.php addxinzhi deserialization |
| CVE-2023-43183 | 2024-02-03 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. |
| CVE-2023-44031 | 2024-02-03 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. |
| CVE-2023-49950 | 2024-02-03 | The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A... |
| CVE-2024-1199 | 2024-02-03 | CodeAstro Employee Task Management System attendance-info.php denial of service |
| CVE-2023-31005 | 2024-02-03 | IBM Security Access Manager Container privilege escalation |
| CVE-2023-30999 | 2024-02-03 | IBM Security Access Manager denial of service |
| CVE-2023-43016 | 2024-02-03 | IBM Security Access Manager Container unauthorized access |
| CVE-2023-32327 | 2024-02-03 | IBM Security Access Manager Container XML external entity injection |
| CVE-2023-32329 | 2024-02-03 | IBM Security Access Manager Container improper file validation |
| CVE-2023-31004 | 2024-02-03 | IBM Security Access Manager Container gain access |
| CVE-2023-31006 | 2024-02-03 | IBM Security Access Manager Container denial of service |
| CVE-2024-1200 | 2024-02-03 | Jspxcms information disclosure |
| CVE-2023-37528 | 2024-02-03 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform |
| CVE-2024-23550 | 2024-02-03 | HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure |
| CVE-2024-0895 | 2024-02-03 | The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient... |
| CVE-2024-0909 | 2024-02-03 | The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API... |
| CVE-2024-1064 | 2024-02-03 | Improper Neutralization of HTTP Headers for Scripting Syntax in Crafty Controller 4 |
| CVE-2024-0853 | 2024-02-03 | OCSP verification bypass with TLS session reuse |
| CVE-2024-1215 | 2024-02-03 | SourceCodester CRUD without Page Reload fetch_data.php cross site scripting |
| CVE-2024-25089 | 2024-02-04 | Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. |
| CVE-2020-36773 | 2024-02-04 | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode... |
| CVE-2021-46902 | 2024-02-04 | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files... |
| CVE-2021-46903 | 2024-02-04 | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). |
| CVE-2023-52425 | 2024-02-04 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. |
| CVE-2023-52426 | 2024-02-04 | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. |
| CVE-2024-25062 | 2024-02-04 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can... |
| CVE-2023-50947 | 2024-02-04 | IBM Business Automation Workflow cross-site scripting |
| CVE-2023-33851 | 2024-02-04 | IBM PowerVM Hypervisor information disclosure |
| CVE-2015-10129 | 2024-02-04 | planet-freo auth.inc.php comparison |
| CVE-2019-25159 | 2024-02-04 | mpedraza2020 Intranet del Monterroso cargos.php sql injection |
| CVE-2023-6240 | 2024-02-04 | Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation |
| CVE-2018-25098 | 2024-02-04 | blockmason credit-protocol UCAC CreditProtocol.sol executeUcacTx denial of service |
| CVE-2021-4435 | 2024-02-04 | Yarn: untrusted search path |
| CVE-2024-23054 | 2024-02-05 | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public... |
| CVE-2024-24260 | 2024-02-05 | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c. |
| CVE-2024-24396 | 2024-02-05 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. |
| CVE-2024-24469 | 2024-02-05 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post.php. |
| CVE-2023-47355 | 2024-02-05 | The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz [ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts... |
| CVE-2023-51951 | 2024-02-05 | SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. |
| CVE-2024-22567 | 2024-02-05 | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. |
| CVE-2024-22667 | 2024-02-05 | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. |
| CVE-2024-23049 | 2024-02-05 | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. |
| CVE-2024-24258 | 2024-02-05 | freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. |
| CVE-2024-24259 | 2024-02-05 | freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. |
| CVE-2024-24262 | 2024-02-05 | media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. |
| CVE-2024-24263 | 2024-02-05 | Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c. |
| CVE-2024-24265 | 2024-02-05 | gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function. |
| CVE-2024-24266 | 2024-02-05 | gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. |
| CVE-2024-24267 | 2024-02-05 | gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. |
| CVE-2024-24397 | 2024-02-05 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. |
| CVE-2024-24468 | 2024-02-05 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. |
| CVE-2024-24543 | 2024-02-05 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted... |
| CVE-2023-5677 | 2024-02-05 | Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote... |
| CVE-2023-5800 | 2024-02-05 | Insufficient input validation in VAPIX API create_overlay.cgi |
| CVE-2023-51504 | 2024-02-05 | WordPress Dan's Embedder for Google Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24870 | 2024-02-05 | WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-20006 | 2024-02-05 | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |