Lista CVE - 2024 / Marzo
Visualizzazione 101 - 200 di 3299 CVE per Marzo 2024 (Pagina 2 di 33)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-7243 | 2024-03-01 | Ethercat Zeek Plugin Out-of-bounds Write |
| CVE-2023-7242 | 2024-03-01 | Ethercat Zeek Plugin Out-of-bounds Read |
| CVE-2024-20328 | 2024-03-01 | ClamAV VirusEvent File Processing Command Injection Vulnerability |
| CVE-2024-22182 | 2024-03-01 | Commend WS203VICM Argument Injection |
| CVE-2024-21767 | 2024-03-01 | Commend WS203VICM Improper Access Control |
| CVE-2024-23492 | 2024-03-01 | Commend WS203VICM Weak Encoding for Password |
| CVE-2024-27101 | 2024-03-01 | Integer overflow in chunking helper causes dispatching to miss elements or panic |
| CVE-2021-47069 | 2024-03-01 | ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry |
| CVE-2021-47070 | 2024-03-01 | uio_hv_generic: Fix another memory leak in error handling paths |
| CVE-2021-47071 | 2024-03-01 | uio_hv_generic: Fix a memory leak in error handling paths |
| CVE-2021-47072 | 2024-03-01 | btrfs: fix removed dentries still existing after log is synced |
| CVE-2021-47073 | 2024-03-01 | platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios |
| CVE-2021-47074 | 2024-03-01 | nvme-loop: fix memory leak in nvme_loop_create_ctrl() |
| CVE-2021-47075 | 2024-03-01 | nvmet: fix memory leak in nvmet_alloc_ctrl() |
| CVE-2021-47076 | 2024-03-01 | RDMA/rxe: Return CQE error if invalid lkey was supplied |
| CVE-2021-47077 | 2024-03-01 | scsi: qedf: Add pointer checks in qedf_update_link_speed() |
| CVE-2021-47078 | 2024-03-01 | RDMA/rxe: Clear all QP fields if creation failed |
| CVE-2021-47079 | 2024-03-01 | platform/x86: ideapad-laptop: fix a NULL pointer dereference |
| CVE-2021-47080 | 2024-03-01 | RDMA/core: Prevent divide-by-zero error triggered by the user |
| CVE-2021-47081 | 2024-03-01 | habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory |
| CVE-2024-1869 | 2024-03-01 | Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. |
| CVE-2024-25865 | 2024-03-02 | Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function. |
| CVE-2024-25063 | 2024-03-02 | Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. |
| CVE-2024-25064 | 2024-03-02 | Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. |
| CVE-2024-1592 | 2024-03-02 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect... |
| CVE-2024-1775 | 2024-03-02 | The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due... |
| CVE-2024-0378 | 2024-03-02 | The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in... |
| CVE-2023-6326 | 2024-03-02 | The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or... |
| CVE-2024-0611 | 2024-03-02 | The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This... |
| CVE-2024-1449 | 2024-03-02 | The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due... |
| CVE-2024-1398 | 2024-03-02 | The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_title_tag’ and ’heading_sub_title_tag’ parameters in all versions up to, and including, 1.3.6 due... |
| CVE-2024-0795 | 2024-03-02 | Create user API role not enforced |
| CVE-2022-48627 | 2024-03-02 | vt: fix memory overlapping when deleting chars in the buffer |
| CVE-2024-26621 | 2024-03-02 | mm: huge_memory: don't force huge page alignment on 32 bit |
| CVE-2022-48628 | 2024-03-02 | ceph: drop messages from MDS when unmounting |
| CVE-2023-52499 | 2024-03-02 | powerpc/47x: Fix 47x syscall return crash |
| CVE-2023-52500 | 2024-03-02 | scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command |
| CVE-2023-52501 | 2024-03-02 | ring-buffer: Do not attempt to read past "commit" |
| CVE-2023-52502 | 2024-03-02 | net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() |
| CVE-2023-52503 | 2024-03-02 | tee: amdtee: fix use-after-free vulnerability in amdtee_close_session |
| CVE-2023-52504 | 2024-03-02 | x86/alternatives: Disable KASAN in apply_alternatives() |
| CVE-2023-52505 | 2024-03-02 | phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers |
| CVE-2023-52506 | 2024-03-02 | LoongArch: Set all reserved memblocks on Node#0 at initialization |
| CVE-2023-52507 | 2024-03-02 | nfc: nci: assert requested protocol is valid |
| CVE-2023-52508 | 2024-03-02 | nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() |
| CVE-2023-52509 | 2024-03-02 | ravb: Fix use-after-free issue in ravb_tx_timeout_work() |
| CVE-2023-52510 | 2024-03-02 | ieee802154: ca8210: Fix a potential UAF in ca8210_probe |
| CVE-2023-52511 | 2024-03-02 | spi: sun6i: reduce DMA RX transfer width to single byte |
| CVE-2023-52512 | 2024-03-02 | pinctrl: nuvoton: wpcm450: fix out of bounds write |
| CVE-2023-52513 | 2024-03-02 | RDMA/siw: Fix connection failure handling |
| CVE-2023-52515 | 2024-03-02 | RDMA/srp: Do not call scsi_done() from srp_abort() |
| CVE-2023-52516 | 2024-03-02 | dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock |
| CVE-2023-52517 | 2024-03-02 | spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain |
| CVE-2023-52519 | 2024-03-02 | HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit |
| CVE-2023-52520 | 2024-03-02 | platform/x86: think-lmi: Fix reference leak |
| CVE-2023-52522 | 2024-03-02 | net: fix possible store tearing in neigh_periodic_work() |
| CVE-2023-52523 | 2024-03-02 | bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets |
| CVE-2023-52524 | 2024-03-02 | net: nfc: llcp: Add lock when modifying device list |
| CVE-2023-52525 | 2024-03-02 | wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet |
| CVE-2023-52526 | 2024-03-02 | erofs: fix memory leak of LZMA global compressed deduplication |
| CVE-2023-52527 | 2024-03-02 | ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() |
| CVE-2023-52528 | 2024-03-02 | net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg |
| CVE-2023-52529 | 2024-03-02 | HID: sony: Fix a potential memory leak in sony_probe() |
| CVE-2023-52530 | 2024-03-02 | wifi: mac80211: fix potential key use-after-free |
| CVE-2023-52531 | 2024-03-02 | wifi: iwlwifi: mvm: Fix a memory corruption issue |
| CVE-2023-52532 | 2024-03-02 | net: mana: Fix TX CQE error handling |
| CVE-2023-52518 | 2024-03-02 | Bluetooth: hci_codec: Fix leaking content of local_codecs |
| CVE-2023-52559 | 2024-03-02 | iommu/vt-d: Avoid memory allocation in iommu_suspend() |
| CVE-2023-52560 | 2024-03-02 | mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() |
| CVE-2023-52561 | 2024-03-02 | arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved |
| CVE-2023-52562 | 2024-03-02 | mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() |
| CVE-2023-52563 | 2024-03-02 | drm/meson: fix memory leak on ->hpd_notify callback |
| CVE-2023-52564 | 2024-03-02 | Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" |
| CVE-2023-52565 | 2024-03-02 | media: uvcvideo: Fix OOB read |
| CVE-2023-52566 | 2024-03-02 | nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() |
| CVE-2023-52567 | 2024-03-02 | serial: 8250_port: Check IRQ data before use |
| CVE-2023-52568 | 2024-03-02 | x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race |
| CVE-2023-52569 | 2024-03-02 | btrfs: remove BUG() after failure to insert delayed dir index item |
| CVE-2023-52570 | 2024-03-02 | vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() |
| CVE-2023-52571 | 2024-03-02 | power: supply: rk817: Fix node refcount leak |
| CVE-2023-52572 | 2024-03-02 | cifs: Fix UAF in cifs_demultiplex_thread() |
| CVE-2023-52573 | 2024-03-02 | net: rds: Fix possible NULL-pointer dereference |
| CVE-2023-52574 | 2024-03-02 | team: fix null-ptr-deref when team device type is changed |
| CVE-2023-52576 | 2024-03-02 | x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() |
| CVE-2023-52577 | 2024-03-02 | dccp: fix dccp_v4_err()/dccp_v6_err() again |
| CVE-2023-52578 | 2024-03-02 | net: bridge: use DEV_STATS_INC() |
| CVE-2023-52580 | 2024-03-02 | net/core: Fix ETH_P_1588 flow dissector |
| CVE-2023-52581 | 2024-03-02 | netfilter: nf_tables: fix memleak when more than 255 elements expired |
| CVE-2023-52582 | 2024-03-02 | netfs: Only call folio_start_fscache() one time for each folio |
| CVE-2024-2133 | 2024-03-02 | Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting |
| CVE-2019-25210 | 2024-03-03 | An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in... |
| CVE-2024-24302 | 2024-03-03 | An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via... |
| CVE-2024-24307 | 2024-03-03 | Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method. |
| CVE-2024-25551 | 2024-03-03 | Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL. |
| CVE-2024-25839 | 2024-03-03 | An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. |
| CVE-2024-25842 | 2024-03-03 | An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and... |
| CVE-2024-26469 | 2024-03-03 | Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges... |
| CVE-2024-28088 | 2024-03-03 | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended... |
| CVE-2024-25844 | 2024-03-03 | An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. |
| CVE-2024-25847 | 2024-03-03 | SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and... |