CVE List - 2024 / March
Showing 301 - 400 of 3299 CVEs for March 2024 (Page 4 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-38360 | 2024-03-04 | IBM CICS TX cross-site scripting |
| CVE-2021-47086 | 2024-03-04 | phonet/pep: refuse to enable an unbound pipe |
| CVE-2021-47082 | 2024-03-04 | tun: avoid double free in tun_free_netdev |
| CVE-2021-47083 | 2024-03-04 | pinctrl: mediatek: fix global-out-of-bounds issue |
| CVE-2021-47087 | 2024-03-04 | tee: optee: Fix incorrect page free bug |
| CVE-2021-47088 | 2024-03-04 | mm/damon/dbgfs: protect targets destructions with kdamond_lock |
| CVE-2021-47089 | 2024-03-04 | kfence: fix memory leak when cat kfence objects |
| CVE-2021-47090 | 2024-03-04 | mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() |
| CVE-2021-47091 | 2024-03-04 | mac80211: fix locking in ieee80211_start_ap error path |
| CVE-2021-47092 | 2024-03-04 | KVM: VMX: Always clear vmx->fail on emulation_required |
| CVE-2021-47093 | 2024-03-04 | platform/x86: intel_pmc_core: fix memleak on registration failure |
| CVE-2021-47094 | 2024-03-04 | KVM: x86/mmu: Don't advance iterator after restart due to yielding |
| CVE-2021-47095 | 2024-03-04 | ipmi: ssif: initialize ssif_info->client early |
| CVE-2021-47096 | 2024-03-04 | ALSA: rawmidi - fix the uninitalized user_pversion |
| CVE-2021-47097 | 2024-03-04 | Input: elantech - fix stack out of bound access in elantech_change_report_id() |
| CVE-2021-47098 | 2024-03-04 | hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations |
| CVE-2021-47099 | 2024-03-04 | veth: ensure skb entering GRO are not cloned. |
| CVE-2021-47100 | 2024-03-04 | ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module |
| CVE-2021-47101 | 2024-03-04 | asix: fix uninit-value in asix_mdio_read() |
| CVE-2021-47102 | 2024-03-04 | net: marvell: prestera: fix incorrect structure access |
| CVE-2021-47103 | 2024-03-04 | inet: fully convert sk->sk_rx_dst to RCU rules |
| CVE-2021-47104 | 2024-03-04 | IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() |
| CVE-2021-47105 | 2024-03-04 | ice: xsk: return xsk buffers back to pool when cleaning the ring |
| CVE-2021-47106 | 2024-03-04 | netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() |
| CVE-2021-47107 | 2024-03-04 | NFSD: Fix READDIR buffer overflow |
| CVE-2021-47108 | 2024-03-04 | drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf |
| CVE-2023-32331 | 2024-03-04 | IBM Connect:Express for UNIX denial of service |
| CVE-2024-27889 | 2024-03-04 | Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). |
| CVE-2023-6068 | 2024-03-04 | On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some |
| CVE-2024-2048 | 2024-03-04 | Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates |
| CVE-2024-1319 | 2024-03-04 | Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure |
| CVE-2024-1316 | 2024-03-04 | Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access |
| CVE-2024-2168 | 2024-03-04 | SourceCodester Online Tours & Travels Management System HTTP POST Request expense_category.php sql injection |
| CVE-2024-1936 | 2024-03-04 | The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email... |
| CVE-2023-41827 | 2024-03-04 | An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI. |
| CVE-2023-41829 | 2024-03-04 | An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization. |
| CVE-2022-46088 | 2024-03-05 | Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form. |
| CVE-2024-22188 | 2024-03-05 | TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in... |
| CVE-2024-22889 | 2024-03-05 | Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. |
| CVE-2024-24098 | 2024-03-05 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed. |
| CVE-2024-24278 | 2024-03-05 | An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. |
| CVE-2024-25817 | 2024-03-05 | Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. |
| CVE-2024-26333 | 2024-03-05 | swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c. |
| CVE-2024-26334 | 2024-03-05 | swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. |
| CVE-2024-26335 | 2024-03-05 | swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. |
| CVE-2024-26337 | 2024-03-05 | swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. |
| CVE-2024-26339 | 2024-03-05 | swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. |
| CVE-2024-27561 | 2024-03-05 | A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin... |
| CVE-2024-27563 | 2024-03-05 | A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl... |
| CVE-2024-27565 | 2024-03-05 | A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. |
| CVE-2024-27622 | 2024-03-05 | A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied... |
| CVE-2024-27623 | 2024-03-05 | CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs. |
| CVE-2024-27625 | 2024-03-05 | CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to... |
| CVE-2024-27626 | 2024-03-05 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. |
| CVE-2024-27627 | 2024-03-05 | A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page. |
| CVE-2024-27764 | 2024-03-05 | An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. |
| CVE-2024-27765 | 2024-03-05 | Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. |
| CVE-2023-38944 | 2024-03-05 | An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP... |
| CVE-2023-43318 | 2024-03-05 | TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. |
| CVE-2023-48644 | 2024-03-05 | An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field.... |
| CVE-2024-24275 | 2024-03-05 | Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function. |
| CVE-2024-24276 | 2024-03-05 | Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message... |
| CVE-2024-25269 | 2024-03-05 | libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack. |
| CVE-2024-25858 | 2024-03-05 | In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands. |
| CVE-2024-27564 | 2024-03-05 | pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but... |
| CVE-2024-1178 | 2024-03-05 | The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all... |
| CVE-2024-1782 | 2024-03-05 | The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization... |
| CVE-2024-1478 | 2024-03-05 | The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated... |
| CVE-2024-1095 | 2024-03-05 | The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export()... |
| CVE-2024-0698 | 2024-03-05 | The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output... |
| CVE-2024-1731 | 2024-03-05 | The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options... |
| CVE-2024-1285 | 2024-03-05 | The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content'... |
| CVE-2024-1088 | 2024-03-05 | The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it... |
| CVE-2024-0825 | 2024-03-05 | The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via... |
| CVE-2024-1381 | 2024-03-05 | The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes... |
| CVE-2024-1769 | 2024-03-05 | The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for... |
| CVE-2024-1093 | 2024-03-05 | The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions... |
| CVE-2024-21815 | 2024-03-05 | Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to... |
| CVE-2024-21838 | 2024-03-05 | Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command... |
| CVE-2024-22383 | 2024-03-05 | Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface,... |
| CVE-2023-52432 | 2024-03-05 | Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2024-20829 | 2024-03-05 | Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. |
| CVE-2024-20830 | 2024-03-05 | Incorrect default permission in AppLock prior to SMR Mar-2024 Release 1 allows local attackers to configure AppLock settings. |
| CVE-2024-20831 | 2024-03-05 | Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2024-20832 | 2024-03-05 | Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2024-20834 | 2024-03-05 | The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission. |
| CVE-2024-20835 | 2024-03-05 | Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors. |
| CVE-2024-20836 | 2024-03-05 | Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory. |
| CVE-2024-20837 | 2024-03-05 | Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction. |
| CVE-2024-20838 | 2024-03-05 | Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. |
| CVE-2024-20839 | 2024-03-05 | Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the... |
| CVE-2024-20840 | 2024-03-05 | Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder... |
| CVE-2024-20841 | 2024-03-05 | Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. |
| CVE-2023-42419 | 2024-03-05 | Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition) |
| CVE-2024-20833 | 2024-03-05 | Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption. |
| CVE-2023-5456 | 2024-03-05 | A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with... |
| CVE-2023-5457 | 2024-03-05 | A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote... |
| CVE-2022-48629 | 2024-03-05 | crypto: qcom-rng - ensure buffer for generate is completely filled |
| CVE-2022-48630 | 2024-03-05 | crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ |
| CVE-2023-45591 | 2024-03-05 | A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary.... |