CVE List - 2024 / March
Showing 1301 - 1400 of 3299 CVEs for March 2024 (Page 14 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28251 | 2024-03-13 | Cross-site websocket hijacking in Querybook |
| CVE-2023-50677 | 2024-03-14 | An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. |
| CVE-2024-25139 | 2024-03-14 | In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can... |
| CVE-2024-25649 | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the... |
| CVE-2024-25650 | 2024-03-14 | Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted... |
| CVE-2024-25651 | 2024-03-14 | User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a... |
| CVE-2024-25653 | 2024-03-14 | Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports... |
| CVE-2024-26503 | 2024-03-14 | Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. |
| CVE-2024-28323 | 2024-03-14 | The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs... |
| CVE-2024-28383 | 2024-03-14 | Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. |
| CVE-2024-28388 | 2024-03-14 | SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. |
| CVE-2024-28390 | 2024-03-14 | An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. |
| CVE-2024-28417 | 2024-03-14 | Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. |
| CVE-2024-28418 | 2024-03-14 | Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php. |
| CVE-2024-28423 | 2024-03-14 | Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML... |
| CVE-2024-28425 | 2024-03-14 | greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2023-42286 | 2024-03-14 | There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. |
| CVE-2024-25228 | 2024-03-14 | Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. |
| CVE-2024-25652 | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the... |
| CVE-2024-26475 | 2024-03-14 | An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. |
| CVE-2024-28391 | 2024-03-14 | SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and... |
| CVE-2024-28424 | 2024-03-14 | zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-1221 | 2024-03-14 | Improper access controls on APIs on Linux and macOS in PaperCut NG/MF |
| CVE-2024-1222 | 2024-03-14 | Incorrect authorization controls in PaperCut NG/MF APIs |
| CVE-2024-1223 | 2024-03-14 | Improper authorization controls in PaperCut NG/MF |
| CVE-2024-1654 | 2024-03-14 | Unauthorized write operations in PaperCut NG/MF |
| CVE-2024-1882 | 2024-03-14 | Server-side resource injection in PaperCut NG/MF |
| CVE-2024-1883 | 2024-03-14 | Reflected XSS in PaperCut NG/MF |
| CVE-2024-1884 | 2024-03-14 | Server Side Request Forgery in PaperCut NG/MF |
| CVE-2024-22396 | 2024-03-14 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending... |
| CVE-2024-22397 | 2024-03-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary... |
| CVE-2024-22398 | 2024-03-14 | An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory... |
| CVE-2024-27986 | 2024-03-14 | WordPress Livemesh Addons for Elementor Plugin <= 8.3.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-28746 | 2024-03-14 | Apache Airflow: Ignored Airflow Permissions |
| CVE-2024-0311 | 2024-03-14 | A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. |
| CVE-2024-0312 | 2024-03-14 | A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. |
| CVE-2024-0313 | 2024-03-14 | A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to... |
| CVE-2024-1623 | 2024-03-14 | Insufficient session timeout vulnerability in Sagemcom router |
| CVE-2024-25156 | 2024-03-14 | Path traversal in GoAnywhere MFT 7.4.1 and Earlier |
| CVE-2023-50168 | 2024-03-14 | Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. |
| CVE-2023-43490 | 2024-03-14 | Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-32666 | 2024-03-14 | On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially... |
| CVE-2023-38575 | 2024-03-14 | Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2023-39368 | 2024-03-14 | Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2023-22655 | 2024-03-14 | Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege... |
| CVE-2023-32282 | 2024-03-14 | Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-35191 | 2024-03-14 | Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access. |
| CVE-2023-28389 | 2024-03-14 | Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32633 | 2024-03-14 | Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-27502 | 2024-03-14 | Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-28746 | 2024-03-14 | Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-28849 | 2024-03-14 | Proxy-Authorization header kept across hosts in follow-redirects |
| CVE-2024-28181 | 2024-03-14 | Arbitrary method invocation turbo_boost-commands |
| CVE-2023-42938 | 2024-03-14 | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges. |
| CVE-2024-27266 | 2024-03-14 | IBM Maximo Application Suite XML external entity injection |
| CVE-2024-27301 | 2024-03-14 | Privilege Escalation Abusing installer in SupportApp |
| CVE-2024-27265 | 2024-03-14 | IBM Integration Bus for z/OS cross-site request forgery |
| CVE-2024-22346 | 2024-03-14 | IBM i privilege escalation |
| CVE-2024-24770 | 2024-03-14 | Username timing attack on recover password/MFA token in vantage6 |
| CVE-2024-23823 | 2024-03-14 | CORS settings overly permissive in vantage6 |
| CVE-2024-24562 | 2024-03-14 | Security headers not set in vantage6-UI |
| CVE-2024-1713 | 2024-03-14 | Plv8 Deferred Trigger Privilege Escalation |
| CVE-2024-2256 | 2024-03-14 | The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due... |
| CVE-2024-0860 | 2024-03-14 | Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator |
| CVE-2024-2249 | 2024-03-14 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including,... |
| CVE-2024-26163 | 2024-03-14 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2024-26246 | 2024-03-14 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2024-1853 | 2024-03-14 | Zemana AntiLogger v2.74.204.664 - Arbitrary Process Termination |
| CVE-2024-0802 | 2024-03-14 | Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute... |
| CVE-2024-0803 | 2024-03-14 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by... |
| CVE-2024-26540 | 2024-03-15 | A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. |
| CVE-2024-27756 | 2024-03-15 | GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. |
| CVE-2024-28318 | 2024-03-15 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325 |
| CVE-2024-28353 | 2024-03-15 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface,... |
| CVE-2024-28354 | 2024-03-15 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface,... |
| CVE-2024-28404 | 2024-03-15 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. |
| CVE-2024-25227 | 2024-03-15 | SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter... |
| CVE-2024-26454 | 2024-03-15 | A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. |
| CVE-2024-27351 | 2024-03-15 | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service... |
| CVE-2024-28319 | 2024-03-15 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374 |
| CVE-2024-28401 | 2024-03-15 | TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. |
| CVE-2024-28403 | 2024-03-15 | TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. |
| CVE-2024-1915 | 2024-03-15 | Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending... |
| CVE-2024-1916 | 2024-03-15 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by... |
| CVE-2024-1917 | 2024-03-15 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by... |
| CVE-2024-2180 | 2024-03-15 | Zemana AntiLogger v2.74.204.664 - Kernel Memory Leak |
| CVE-2024-2204 | 2024-03-15 | Zemana AntiLogger v2.74.204.664 - Denial of Service (DoS) |
| CVE-2024-2478 | 2024-03-15 | BradWenqiang HR Background Management register selectAll sql injection |
| CVE-2024-2479 | 2024-03-15 | MHA Sistemas arMHAzena Cadastro Page cross site scripting |
| CVE-2024-2480 | 2024-03-15 | MHA Sistemas arMHAzena Executa Page sql injection |
| CVE-2024-2481 | 2024-03-15 | Surya2Developer Hostel Management System manage-students.php access control |
| CVE-2024-2482 | 2024-03-15 | Surya2Developer Hostel Management Service HTTP POST Request check_availability.php observable response discrepancy |
| CVE-2024-1796 | 2024-03-15 | The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1... |
| CVE-2024-2399 | 2024-03-15 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization... |
| CVE-2024-1795 | 2024-03-15 | The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and... |
| CVE-2024-2483 | 2024-03-15 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery |
| CVE-2024-2485 | 2024-03-15 | Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow |
| CVE-2024-2486 | 2024-03-15 | Tenda AC18 QuickIndex formQuickIndex stack-based overflow |
| CVE-2024-2487 | 2024-03-15 | Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow |
| CVE-2024-2488 | 2024-03-15 | Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow |