Lista CVE - 2024 / Marzo
Visualizzazione 1801 - 1900 di 3299 CVE per Marzo 2024 (Pagina 19 di 33)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-0054 | 2024-03-19 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a... |
| CVE-2024-0055 | 2024-03-19 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource... |
| CVE-2024-22453 | 2024-03-19 | Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. |
| CVE-2024-25942 | 2024-03-19 | Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. |
| CVE-2024-24683 | 2024-03-19 | Apache Hop Engine: ID isn't escaped when generating HTML |
| CVE-2024-27439 | 2024-03-19 | Apache Wicket: Possible bypass of CSRF protection |
| CVE-2024-1144 | 2024-03-19 | Improper Access Control at Alma Devklan Blog |
| CVE-2024-1145 | 2024-03-19 | Observable Response Discrepancy at Alma Devklan Blog |
| CVE-2024-1146 | 2024-03-19 | Cross-site Scripting at Alma Devklan Blog |
| CVE-2024-2632 | 2024-03-19 | Information Exposure Vulnerability on Meta4 HR |
| CVE-2024-2605 | 2024-03-19 | An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems... |
| CVE-2024-2606 | 2024-03-19 | Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. |
| CVE-2024-2607 | 2024-03-19 | Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox... |
| CVE-2024-2608 | 2024-03-19 | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR... |
| CVE-2023-5388 | 2024-03-19 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124,... |
| CVE-2024-2609 | 2024-03-19 | The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox... |
| CVE-2024-2610 | 2024-03-19 | Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR... |
| CVE-2024-2611 | 2024-03-19 | A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR... |
| CVE-2024-2612 | 2024-03-19 | If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This... |
| CVE-2024-2613 | 2024-03-19 | Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. |
| CVE-2024-2614 | 2024-03-19 | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-2615 | 2024-03-19 | Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2024-2616 | 2024-03-19 | To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. |
| CVE-2024-2633 | 2024-03-19 | Multiple vulnerabilities on Meta4 HR from Cegid |
| CVE-2024-2634 | 2024-03-19 | Multiple vulnerabilities on Meta4 HR from Cegid |
| CVE-2024-2635 | 2024-03-19 | Multiple vulnerabilities on Meta4 HR from Cegid |
| CVE-2024-2636 | 2024-03-19 | Multiple vulnerabilities on Meta4 HR from Cegid |
| CVE-2024-29143 | 2024-03-19 | WordPress Passwordless Login plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29142 | 2024-03-19 | WordPress Better Search plugin <= 3.3.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29141 | 2024-03-19 | WordPress PDF Embedder plugin <= 4.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29140 | 2024-03-19 | WordPress MJM Clinic plugin <= 1.1.22 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29139 | 2024-03-19 | WordPress MyCurator Content Curation plugin <= 3.76 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29138 | 2024-03-19 | WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29137 | 2024-03-19 | WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29136 | 2024-03-19 | WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability |
| CVE-2024-29135 | 2024-03-19 | WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability |
| CVE-2024-29134 | 2024-03-19 | WordPress Tourfic plugin <= 2.11.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29130 | 2024-03-19 | WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29129 | 2024-03-19 | WordPress OxyExtras plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29128 | 2024-03-19 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29127 | 2024-03-19 | WordPress Advanced Access Manager plugin <= 6.9.20 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29126 | 2024-03-19 | WordPress Specific Content For Mobile plugin <= 0.1.9.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29125 | 2024-03-19 | WordPress Coupon Affiliates plugin <= 5.12.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29124 | 2024-03-19 | WordPress Advanced Access Manager plugin <= 6.9.20 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-1401 | 2024-03-19 | Profile Box Shortcode And Widget < 1.2.1 Admin+ Stored XSS |
| CVE-2024-29123 | 2024-03-19 | WordPress Link Library plugin <= 7.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29122 | 2024-03-19 | WordPress FV Player plugin <= 7.5.41.7212 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29121 | 2024-03-19 | WordPress WooCommerce License Manager plugin <= 5.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29118 | 2024-03-19 | WordPress Scrollsequence plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29117 | 2024-03-19 | WordPress Contact Forms by Cimatti plugin <= 1.7.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29116 | 2024-03-19 | WordPress WooThumbs for WooCommerce by Iconic plugin <= 5.5.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29115 | 2024-03-19 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29114 | 2024-03-19 | WordPress Download Manager plugin <= 3.2.84 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2639 | 2024-03-19 | Bdtask Wholesale Inventory Management System session fixiation |
| CVE-2024-29113 | 2024-03-19 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29112 | 2024-03-19 | WordPress WooCommerce Google Feed Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29111 | 2024-03-19 | WordPress Sitekit plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29110 | 2024-03-19 | WordPress Tablesome plugin <= 1.0.27 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29109 | 2024-03-19 | WordPress Shariff Wrapper plugin <= 4.6.10 - Contributor+ Cross Site Scripting (XSS) vulnerability |
| CVE-2024-0450 | 2024-03-19 | Quoted zip-bomb protection for zipfile |
| CVE-2024-29108 | 2024-03-19 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29107 | 2024-03-19 | WordPress Elementor Addon Elements plugin <= 1.12.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29106 | 2024-03-19 | WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29105 | 2024-03-19 | WordPress WP Popups – WordPress Popup builder plugin <= 2.1.5.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29104 | 2024-03-19 | WordPress Ticket Tailor plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29103 | 2024-03-19 | WordPress Database for Contact Form 7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2023-6597 | 2024-03-19 | An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors.... |
| CVE-2024-29102 | 2024-03-19 | WordPress Extensions For CF7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29101 | 2024-03-19 | WordPress Jeg Elementor Kit plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-32259 | 2024-03-19 | Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products. |
| CVE-2023-32260 | 2024-03-19 | A potential Misinterpretation of Input vulnerability has been identified in SMAX, AMX, and HCMX products. |
| CVE-2024-29099 | 2024-03-19 | WordPress Evergreen Content Poster plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29098 | 2024-03-19 | WordPress WP Calameo plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29097 | 2024-03-19 | WordPress User profile plugin <= 2.0.20 - Subscriber+ Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29096 | 2024-03-19 | WordPress MJM Clinic plugin <= 1.1.22 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29095 | 2024-03-19 | WordPress Site Reviews plugin <= 6.11.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2307 | 2024-03-19 | Osbuild-composer: race condition may disable gpg verification for package repositories |
| CVE-2023-44090 | 2024-03-19 | UnautH SQL Injection |
| CVE-2024-2442 | 2024-03-19 | Path Traversal vulnerability in Franklin Fueling System EVO 550/5000 |
| CVE-2023-44091 | 2024-03-19 | Unauth Time-Based SQL Injection |
| CVE-2023-44092 | 2024-03-19 | OS Command Injection |
| CVE-2023-41793 | 2024-03-19 | Path Traversal and Untrusted Upload File |
| CVE-2024-29094 | 2024-03-19 | WordPress HT Easy GA4 plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29093 | 2024-03-19 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-29092 | 2024-03-19 | WordPress Permalink Manager Lite plugin <= 2.4.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29091 | 2024-03-19 | WordPress WP Armour plugin <= 2.1.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29089 | 2024-03-19 | WordPress Restaurant Menu and Food Ordering plugin <= 2.4.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27998 | 2024-03-19 | WordPress Barcode Scanner and Inventory manager plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-42920 | 2024-03-19 | Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. |
| CVE-2024-27997 | 2024-03-19 | WordPress Visual Composer plugin <= 45.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27996 | 2024-03-19 | WordPress Survey Maker plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-21677 | 2024-03-19 | This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to... |
| CVE-2024-29027 | 2024-03-19 | Parse Server crash and RCE via invalid Cloud Function or Cloud Job name |
| CVE-2024-2169 | 2024-03-19 | Implementations of UDP application protocols are susceptible to network loops and denial of service |
| CVE-2024-2641 | 2024-03-19 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization |
| CVE-2024-2642 | 2024-03-19 | Ruijie RG-NBS2009G-P EXCU_SHELL command injection |
| CVE-2024-2644 | 2024-03-19 | Netentsec NS-ASG Application Security Gateway addfirewall.php sql injection |
| CVE-2024-2645 | 2024-03-19 | Netentsec NS-ASG Application Security Gateway resetpwd.php xpath injection |
| CVE-2024-2646 | 2024-03-19 | Netentsec NS-ASG Application Security Gateway sql injection |
| CVE-2024-2647 | 2024-03-19 | Netentsec NS-ASG Application Security Gateway singlelogin.php sql injection |