CVE List - 2024 / March
Showing 1901 - 2000 of 3299 CVEs for March 2024 (Page 20 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2648 | 2024-03-19 | Netentsec NS-ASG Application Security Gateway naccheck.php xpath injection |
| CVE-2024-2649 | 2024-03-19 | Netentsec NS-ASG Application Security Gateway deleteonlineuser.php sql injection |
| CVE-2024-2197 | 2024-03-19 | Chirp Systems Chirp Access Use of Hard-coded Password |
| CVE-2024-22077 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. |
| CVE-2024-22078 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions.... |
| CVE-2024-22079 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. |
| CVE-2024-22080 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. |
| CVE-2024-22081 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. |
| CVE-2024-22082 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface can be abused by an attacker to get a... |
| CVE-2024-22083 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device,... |
| CVE-2024-22084 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. |
| CVE-2024-22085 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. |
| CVE-2024-23721 | 2024-03-20 | A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information. |
| CVE-2024-24050 | 2024-03-20 | Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. |
| CVE-2024-25294 | 2024-03-20 | An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload, URL parameters. |
| CVE-2024-28286 | 2024-03-20 | In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash |
| CVE-2024-28392 | 2024-03-20 | SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. |
| CVE-2024-28395 | 2024-03-20 | SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. |
| CVE-2024-28396 | 2024-03-20 | An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. |
| CVE-2024-28562 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format. |
| CVE-2024-28563 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format. |
| CVE-2024-28564 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format. |
| CVE-2024-28565 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format. |
| CVE-2024-28566 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. |
| CVE-2024-28567 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format. |
| CVE-2024-28568 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format. |
| CVE-2024-28569 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. |
| CVE-2024-28570 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. |
| CVE-2024-28571 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format. |
| CVE-2024-28572 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. |
| CVE-2024-28573 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. |
| CVE-2024-28574 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. |
| CVE-2024-28575 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format. |
| CVE-2024-28576 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. |
| CVE-2024-28577 | 2024-03-20 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG... |
| CVE-2024-28578 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. |
| CVE-2024-28579 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format. |
| CVE-2024-28580 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. |
| CVE-2024-28581 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. |
| CVE-2024-28582 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. |
| CVE-2024-28583 | 2024-03-20 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. |
| CVE-2024-28584 | 2024-03-20 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K... |
| CVE-2024-28735 | 2024-03-20 | Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of... |
| CVE-2024-29469 | 2024-03-20 | A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the... |
| CVE-2024-29470 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. |
| CVE-2024-29471 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. |
| CVE-2024-29474 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. |
| CVE-2023-50967 | 2024-03-20 | latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. |
| CVE-2024-29419 | 2024-03-20 | There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. |
| CVE-2024-29472 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. |
| CVE-2024-29473 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. |
| CVE-2024-2387 | 2024-03-20 | The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in... |
| CVE-2024-1785 | 2024-03-20 | The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce... |
| CVE-2024-1787 | 2024-03-20 | The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'update_rewards_fuel_api_key' parameter in all versions up to, and including, 2.0.64 due to insufficient input... |
| CVE-2024-1995 | 2024-03-20 | The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and... |
| CVE-2024-2668 | 2024-03-20 | Campcodes Online Job Finder System controller.php sql injection |
| CVE-2024-2669 | 2024-03-20 | Campcodes Online Job Finder System GET Parameter controller.php sql injection |
| CVE-2024-2460 | 2024-03-20 | The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input... |
| CVE-2024-2384 | 2024-03-20 | The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication... |
| CVE-2024-1799 | 2024-03-20 | The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the... |
| CVE-2024-2255 | 2024-03-20 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and... |
| CVE-2024-22258 | 2024-03-20 | CVE-2024-22258: PKCE Downgrade in Spring Authorization Server |
| CVE-2024-2670 | 2024-03-20 | Campcodes Online Job Finder System index.php sql injection |
| CVE-2024-2671 | 2024-03-20 | Campcodes Online Job Finder System index.php sql injection |
| CVE-2024-2672 | 2024-03-20 | Campcodes Online Job Finder System controller.php sql injection |
| CVE-2024-2474 | 2024-03-20 | The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to... |
| CVE-2024-2124 | 2024-03-20 | The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due... |
| CVE-2023-7246 | 2024-03-20 | System Dashboard < 2.8.10 - XSS via Header Injection |
| CVE-2024-0337 | 2024-03-20 | Travelpayouts <= 1.1.15 - Open Redirect |
| CVE-2024-0856 | 2024-03-20 | Booking Calendar < 1.3.83 - CSRF appointment scheduling |
| CVE-2024-1983 | 2024-03-20 | Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS |
| CVE-2024-2673 | 2024-03-20 | Campcodes Online Job Finder System login.php sql injection |
| CVE-2024-2674 | 2024-03-20 | Campcodes Online Job Finder System index.php sql injection |
| CVE-2024-2538 | 2024-03-20 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and... |
| CVE-2024-2675 | 2024-03-20 | Campcodes Online Job Finder System index.php sql injection |
| CVE-2024-2676 | 2024-03-20 | Campcodes Online Job Finder System controller.php sql injection |
| CVE-2024-2677 | 2024-03-20 | Campcodes Online Job Finder System controller.php sql injection |
| CVE-2024-2129 | 2024-03-20 | The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due... |
| CVE-2024-1477 | 2024-03-20 | The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for... |
| CVE-2024-2459 | 2024-03-20 | The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization... |
| CVE-2024-1473 | 2024-03-20 | The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes... |
| CVE-2024-1844 | 2024-03-20 | The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and... |
| CVE-2024-1181 | 2024-03-20 | The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due... |
| CVE-2024-2304 | 2024-03-20 | The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization... |
| CVE-2024-1119 | 2024-03-20 | The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to,... |
| CVE-2024-1205 | 2024-03-20 | The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in... |
| CVE-2024-1379 | 2024-03-20 | The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient... |
| CVE-2024-1325 | 2024-03-20 | The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing... |
| CVE-2024-1711 | 2024-03-20 | The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the... |
| CVE-2024-2678 | 2024-03-20 | Campcodes Online Job Finder System controller.php sql injection |
| CVE-2024-2679 | 2024-03-20 | Campcodes Online Job Finder System index.php cross site scripting |
| CVE-2024-2680 | 2024-03-20 | Campcodes Online Job Finder System index.php cross site scripting |
| CVE-2024-2681 | 2024-03-20 | Campcodes Online Job Finder System index.php cross site scripting |
| CVE-2024-2682 | 2024-03-20 | Campcodes Online Job Finder System controller.php cross site scripting |
| CVE-2024-2683 | 2024-03-20 | Campcodes Online Job Finder System index.php cross site scripting |
| CVE-2024-2684 | 2024-03-20 | Campcodes Online Job Finder System index.php cross site scripting |
| CVE-2024-2685 | 2024-03-20 | Campcodes Online Job Finder System index.php cross site scripting |
| CVE-2024-2686 | 2024-03-20 | Campcodes Online Job Finder System controller.php cross site scripting |
| CVE-2024-2687 | 2024-03-20 | Campcodes Online Job Finder System index.php sql injection |
| CVE-2024-2702 | 2024-03-20 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability |