CVE List - 2024 / March
Showing 2001 - 2100 of 3299 CVEs for March 2024 (Page 21 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2690 | 2024-03-20 | SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload |
| CVE-2023-46839 | 2024-03-20 | pci: phantom functions assigned to incorrect contexts |
| CVE-2023-46840 | 2024-03-20 | VT-d: Failure to quarantine devices in !HVM builds |
| CVE-2023-46841 | 2024-03-20 | x86: shadow stack vs exceptions from emulation stubs |
| CVE-2023-52229 | 2024-03-20 | WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2024-2721 | 2024-03-20 | WordPress Social Media Share Buttons plugin <= 2.1.0 - PHP Object Injection vulnerability |
| CVE-2024-1811 | 2024-03-20 | OpenText ArcSight Platform Remote Vulnerability |
| CVE-2024-1800 | 2024-03-20 | Progress Telerik Report Server Deserialization |
| CVE-2024-1801 | 2024-03-20 | Progress Telerik Reporting Local Deserialization Vulnerability |
| CVE-2024-1856 | 2024-03-20 | Progress Telerik Reporting Remote Deserialization Vulnerability |
| CVE-2023-35888 | 2024-03-20 | IBM Security Verify Governance information disclosure |
| CVE-2023-41038 | 2024-03-20 | Server crash when using specific form of SET BIND statement |
| CVE-2023-41877 | 2024-03-20 | GeoServer log file path traversal vulnerability |
| CVE-2024-2291 | 2024-03-20 | MOVEit Transfer Logging Bypass Vulnerability |
| CVE-2023-51444 | 2024-03-20 | GeoServer arbitrary file upload vulnerability in REST Coverage Store API |
| CVE-2023-51445 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API |
| CVE-2024-23634 | 2024-03-20 | GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API |
| CVE-2024-23640 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher |
| CVE-2024-2703 | 2024-03-20 | Tenda AC10U SetOnlineDevName formSetDeviceName stack-based overflow |
| CVE-2024-2704 | 2024-03-20 | Tenda AC10U SetFirewallCfg formSetFirewallCfg stack-based overflow |
| CVE-2024-2705 | 2024-03-20 | Tenda AC10U SetNetControlList formSetQosBand stack-based overflow |
| CVE-2024-2706 | 2024-03-20 | Tenda AC10U WifiWpsStart formWifiWpsStart stack-based overflow |
| CVE-2024-2707 | 2024-03-20 | Tenda AC10U WriteFacMac formWriteFacMac os command injection |
| CVE-2024-2625 | 2024-03-20 | Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-2626 | 2024-03-20 | Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security... |
| CVE-2024-2627 | 2024-03-20 | Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-2628 | 2024-03-20 | Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) |
| CVE-2024-2629 | 2024-03-20 | Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-2630 | 2024-03-20 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-2631 | 2024-03-20 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-45177 | 2024-03-20 | IBM MQ denial of service |
| CVE-2024-2708 | 2024-03-20 | Tenda AC10U execCommand formexeCommand stack-based overflow |
| CVE-2024-2709 | 2024-03-20 | Tenda AC10U SetStaticRouteCfg fromSetRouteStatic stack-based overflow |
| CVE-2024-23642 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer |
| CVE-2024-23643 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form |
| CVE-2024-23818 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format |
| CVE-2024-2710 | 2024-03-20 | Tenda AC10U openSchedWifi setSchedWifi stack-based overflow |
| CVE-2024-2711 | 2024-03-20 | Tenda AC10U addWifiMacFilter stack-based overflow |
| CVE-2024-23819 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page |
| CVE-2024-23821 | 2024-03-20 | GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) |
| CVE-2024-24813 | 2024-03-20 | Frappe SQL Injection from reporting logic |
| CVE-2024-27105 | 2024-03-20 | Frappe File Permissions can be bypassed using certain endpoints |
| CVE-2022-4963 | 2024-03-20 | Folio Spring Module Core Schema Name HibernateSchemaService.java dropSchema sql injection |
| CVE-2024-2712 | 2024-03-20 | Campcodes Complete Online DJ Booking System user-search.php sql injection |
| CVE-2024-2713 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-search.php sql injection |
| CVE-2024-2714 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php sql injection |
| CVE-2024-27286 | 2024-03-20 | Moving single messages from public to private streams leaves them accessible |
| CVE-2024-28179 | 2024-03-20 | Jupyter Server Proxy's Websocket Proxying does not require authentication |
| CVE-2024-2715 | 2024-03-20 | Campcodes Complete Online DJ Booking System user-search.php cross site scripting |
| CVE-2024-2716 | 2024-03-20 | Campcodes Complete Online DJ Booking System contactus.php cross site scripting |
| CVE-2024-28231 | 2024-03-20 | Manipulated DATA Submessage causes a heap-buffer-overflow error |
| CVE-2024-28868 | 2024-03-20 | Umbraco possible user enumeration vulnerability |
| CVE-2024-29018 | 2024-03-20 | External DNS requests from 'internal' networks could lead to data exfiltration |
| CVE-2024-29032 | 2024-03-20 | `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code |
| CVE-2024-2717 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-search.php cross site scripting |
| CVE-2024-2718 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php cross site scripting |
| CVE-2024-29033 | 2024-03-20 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace |
| CVE-2024-29036 | 2024-03-20 | Saleor Storefront session leak in cache |
| CVE-2024-29037 | 2024-03-20 | Default secret use for initial deployment |
| CVE-2024-2719 | 2024-03-20 | Campcodes Complete Online DJ Booking System admin-profile.php cross site scripting |
| CVE-2024-2720 | 2024-03-20 | Campcodes Complete Online DJ Booking System aboutus.php cross site scripting |
| CVE-2024-29026 | 2024-03-20 | Owncast cross origin request |
| CVE-2024-2469 | 2024-03-20 | Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance |
| CVE-2024-2443 | 2024-03-20 | Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-2748 | 2024-03-20 | CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user |
| CVE-2024-28916 | 2024-03-20 | Xbox Gaming Services Elevation of Privilege Vulnerability |
| CVE-2023-48901 | 2024-03-21 | A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php. |
| CVE-2023-48902 | 2024-03-21 | An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. |
| CVE-2023-48903 | 2024-03-21 | Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML via the parameter "imgType" in uploadCarImages.php. |
| CVE-2023-51141 | 2024-03-21 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component |
| CVE-2024-22724 | 2024-03-21 | An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. |
| CVE-2024-27683 | 2024-03-21 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerability. |
| CVE-2024-28402 | 2024-03-21 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-28521 | 2024-03-21 | SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter... |
| CVE-2024-28635 | 2024-03-21 | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. |
| CVE-2024-28756 | 2024-03-21 | The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and... |
| CVE-2024-29243 | 2024-03-21 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. |
| CVE-2024-29244 | 2024-03-21 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. |
| CVE-2024-29374 | 2024-03-21 | A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. |
| CVE-2024-29858 | 2024-03-21 | In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. |
| CVE-2024-29859 | 2024-03-21 | In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. |
| CVE-2024-29862 | 2024-03-21 | The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. |
| CVE-2024-29864 | 2024-03-21 | Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. |
| CVE-2024-29866 | 2024-03-21 | Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. |
| CVE-2024-29916 | 2024-03-21 | The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active... |
| CVE-2023-51142 | 2024-03-21 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. |
| CVE-2024-24272 | 2024-03-21 | An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that... |
| CVE-2024-29937 | 2024-03-21 | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to... |
| CVE-2024-1538 | 2024-03-21 | The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on... |
| CVE-2024-2161 | 2024-03-21 | Use of Hard-coded Credentials in Kiloview NDI N series products API middleware |
| CVE-2024-2162 | 2024-03-21 | Authenticated Remote Code Execution in Kiloview NDI N series products |
| CVE-2024-28835 | 2024-03-21 | Gnutls: potential crash during chain building/verification |
| CVE-2024-2754 | 2024-03-21 | SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload |
| CVE-2024-1147 | 2024-03-21 | Weak Access Control - Arbitrary file download |
| CVE-2024-1148 | 2024-03-21 | Weak Access Control - Arbitrary file upload |
| CVE-2024-29133 | 2024-03-21 | Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree |
| CVE-2024-29131 | 2024-03-21 | Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() |
| CVE-2024-26307 | 2024-03-21 | Apache Doris: Possible race condition |
| CVE-2024-27438 | 2024-03-21 | Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution |
| CVE-2024-29732 | 2024-03-21 | SQL Injection vulnerability on SCAN_VISIO eDocument Suite Web Viewer from Abast |