CVE List - 2024 / March
Showing 2301 - 2400 of 3299 CVEs for March 2024 (Page 24 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2855 | 2024-03-24 | Tenda AC15 SetSysTimeCfg fromSetSysTime stack-based overflow |
| CVE-2024-2856 | 2024-03-24 | Tenda AC10 SetSysTimeCfg fromSetSysTime stack-based overflow |
| CVE-2020-36825 | 2024-03-24 | cyberaz0r WebRAT api.php download_file unrestricted upload |
| CVE-2024-29194 | 2024-03-24 | OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation |
| CVE-2024-29034 | 2024-03-24 | CarrierWave's Content-Type allowlist bypass vulnerability which possibly leads to XSS remained |
| CVE-2024-29187 | 2024-03-24 | WiX based installers are vulnerable to binary hijack when run as SYSTEM |
| CVE-2024-29188 | 2024-03-24 | Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files |
| CVE-2023-47430 | 2024-03-25 | Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c. |
| CVE-2024-25175 | 2024-03-25 | An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via an HTTP response splitting attack. |
| CVE-2024-28387 | 2024-03-25 | An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. |
| CVE-2024-28393 | 2024-03-25 | SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. |
| CVE-2024-28421 | 2024-03-25 | SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php |
| CVE-2024-28434 | 2024-03-25 | The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code. |
| CVE-2024-28435 | 2024-03-25 | The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. |
| CVE-2024-29301 | 2024-03-25 | SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id= |
| CVE-2024-29302 | 2024-03-25 | SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php. |
| CVE-2024-29303 | 2024-03-25 | The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection |
| CVE-2024-29515 | 2024-03-25 | File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php components. |
| CVE-2024-29650 | 2024-03-25 | An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. |
| CVE-2024-29666 | 2024-03-25 | Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. |
| CVE-2024-30187 | 2024-03-25 | Anope before 2.0.15 does not prevent resetting the password of a suspended account. |
| CVE-2024-30202 | 2024-03-25 | In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. |
| CVE-2024-30203 | 2024-03-25 | In Emacs before 29.3, Gnus treats inline MIME contents as trusted. |
| CVE-2024-30204 | 2024-03-25 | In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. |
| CVE-2024-30205 | 2024-03-25 | In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. |
| CVE-2024-28386 | 2024-03-25 | An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. |
| CVE-2024-28041 | 2024-03-25 | HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. |
| CVE-2024-29071 | 2024-03-25 | HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may change the system settings. |
| CVE-2024-21865 | 2024-03-25 | HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. |
| CVE-2024-29009 | 2024-03-25 | Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views... |
| CVE-2023-37886 | 2024-03-25 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2023-37885 | 2024-03-25 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2023-33923 | 2024-03-25 | Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes |
| CVE-2023-30480 | 2024-03-25 | WordPress Educenter theme <= 1.5.5 - Broken Access Control |
| CVE-2024-21505 | 2024-03-25 | Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's... |
| CVE-2024-1231 | 2024-03-25 | CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF |
| CVE-2024-1232 | 2024-03-25 | CM Download Manager < 2.9.0 - Download Deletion via CSRF |
| CVE-2024-1564 | 2024-03-25 | Schema Pro < 2.7.16 - Contributor+ Custom Field Access |
| CVE-2024-1962 | 2024-03-25 | CM Download and File Manager < 2.9.1 - Download Edit via CSRF |
| CVE-2022-36407 | 2024-03-25 | Information Exposure Vulnerability in Hitachi Disk Array Systems |
| CVE-2024-29216 | 2024-03-25 | Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary... |
| CVE-2024-2862 | 2024-03-25 | Password reset vulnerability without authorization on LG LED Assistant |
| CVE-2024-2863 | 2024-03-25 | Path traversal via file upload on LG LED Assistant |
| CVE-2021-33632 | 2024-03-25 | TOCTOU Race Condition problem in iSulad |
| CVE-2020-36826 | 2024-03-25 | AwesomestCode LiveBot parseMessage.js parseSend cross site scripting |
| CVE-2024-24890 | 2024-03-25 | Command injection in ioprobe of gala-gopher |
| CVE-2024-24897 | 2024-03-25 | Remote command execution in A-Tune-Collector |
| CVE-2024-24899 | 2024-03-25 | Command injection in aops-zeus |
| CVE-2024-24892 | 2024-03-25 | Unauthorized RCE in migration-tools |
| CVE-2024-25964 | 2024-03-25 | Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2021-47136 | 2024-03-25 | net: zero-initialize tc skb extension on allocation |
| CVE-2021-47137 | 2024-03-25 | net: lantiq: fix memory corruption in RX ring |
| CVE-2021-47138 | 2024-03-25 | cxgb4: avoid accessing registers when clearing filters |
| CVE-2021-47139 | 2024-03-25 | net: hns3: put off calling register_netdev() until client initialize complete |
| CVE-2021-47140 | 2024-03-25 | iommu/amd: Clear DMA ops when switching domain |
| CVE-2021-47141 | 2024-03-25 | gve: Add NULL pointer checks when freeing irqs. |
| CVE-2021-47142 | 2024-03-25 | drm/amdgpu: Fix a use-after-free |
| CVE-2021-47143 | 2024-03-25 | net/smc: remove device from smcd_dev_list after failed device_add() |
| CVE-2021-47145 | 2024-03-25 | btrfs: do not BUG_ON in link_to_fixup_dir |
| CVE-2021-47146 | 2024-03-25 | mld: fix panic in mld_newpack() |
| CVE-2021-47147 | 2024-03-25 | ptp: ocp: Fix a resource leak in an error handling path |
| CVE-2021-47148 | 2024-03-25 | octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() |
| CVE-2021-47149 | 2024-03-25 | net: fujitsu: fix potential null-ptr-deref |
| CVE-2021-47150 | 2024-03-25 | net: fec: fix the potential memory leak in fec_enet_init() |
| CVE-2021-47151 | 2024-03-25 | interconnect: qcom: bcm-voter: add a missing of_node_put() |
| CVE-2021-47152 | 2024-03-25 | mptcp: fix data stream corruption |
| CVE-2021-47153 | 2024-03-25 | i2c: i801: Don't generate an interrupt on bus reset |
| CVE-2021-47158 | 2024-03-25 | net: dsa: sja1105: add error handling in sja1105_setup() |
| CVE-2021-47159 | 2024-03-25 | net: dsa: fix a crash if ->get_sset_count() fails |
| CVE-2021-47160 | 2024-03-25 | net: dsa: mt7530: fix VLAN traffic leaks |
| CVE-2021-47161 | 2024-03-25 | spi: spi-fsl-dspi: Fix a resource leak in an error handling path |
| CVE-2021-47162 | 2024-03-25 | tipc: skb_linearize the head skb when reassembling msgs |
| CVE-2021-47163 | 2024-03-25 | tipc: wait and exit until all work queues are done |
| CVE-2021-47164 | 2024-03-25 | net/mlx5e: Fix null deref accessing lag dev |
| CVE-2021-47165 | 2024-03-25 | drm/meson: fix shutdown crash when component not probed |
| CVE-2021-47166 | 2024-03-25 | NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() |
| CVE-2021-47167 | 2024-03-25 | NFS: Fix an Oopsable condition in __nfs_pageio_add_request() |
| CVE-2021-47168 | 2024-03-25 | NFS: fix an incorrect limit in filelayout_decode_layout() |
| CVE-2021-47169 | 2024-03-25 | serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' |
| CVE-2021-47170 | 2024-03-25 | USB: usbfs: Don't WARN about excessively large memory allocations |
| CVE-2021-47171 | 2024-03-25 | net: usb: fix memory leak in smsc75xx_bind |
| CVE-2021-47172 | 2024-03-25 | iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers |
| CVE-2021-47173 | 2024-03-25 | misc/uss720: fix memory leak in uss720_probe |
| CVE-2021-47174 | 2024-03-25 | netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version |
| CVE-2021-47175 | 2024-03-25 | net/sched: fq_pie: fix OOB access in the traffic path |
| CVE-2021-47176 | 2024-03-25 | s390/dasd: add missing discipline function |
| CVE-2021-47177 | 2024-03-25 | iommu/vt-d: Fix sysfs leak in alloc_iommu() |
| CVE-2021-47178 | 2024-03-25 | scsi: target: core: Avoid smp_processor_id() in preemptible code |
| CVE-2021-47179 | 2024-03-25 | NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() |
| CVE-2021-47180 | 2024-03-25 | NFC: nci: fix memory leak in nci_allocate_device |
| CVE-2024-2864 | 2024-03-25 | WordPress Youzify - Buddypress Moderation plugin <= 1.2.5 - Unauthenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2023-27608 | 2024-03-25 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2022-44626 | 2024-03-25 | WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability |
| CVE-2022-45349 | 2024-03-25 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45351 | 2024-03-25 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45352 | 2024-03-25 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45356 | 2024-03-25 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45851 | 2024-03-25 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability |
| CVE-2023-22699 | 2024-03-25 | WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2022-38057 | 2024-03-25 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability |