Lista CVE - 2024 / Marzo
Visualizzazione 2501 - 2600 di 3299 CVE per Marzo 2024 (Pagina 26 di 33)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-23482 | 2024-03-26 | ZScalerService Local Privilege Escalation |
| CVE-2024-29197 | 2024-03-26 | Pimcore Preview Documents are not restricted to logged in users anymore |
| CVE-2024-26644 | 2024-03-26 | btrfs: don't abort filesystem when attempting to snapshot deleted subvolume |
| CVE-2024-26645 | 2024-03-26 | tracing: Ensure visibility when inserting an element into tracing_map |
| CVE-2024-25958 | 2024-03-26 | Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized... |
| CVE-2024-29832 | 2024-03-26 | WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url |
| CVE-2024-25957 | 2024-03-26 | Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading... |
| CVE-2024-29808 | 2024-03-26 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id |
| CVE-2024-29809 | 2024-03-26 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url |
| CVE-2024-29810 | 2024-03-26 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url |
| CVE-2024-29833 | 2024-03-26 | WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler |
| CVE-2024-25956 | 2024-03-26 | Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain... |
| CVE-2024-21912 | 2024-03-26 | Rockwell Automation Arena Simulation vulnerable to out of bounds write |
| CVE-2024-21913 | 2024-03-26 | Rockwell Automation Arena Simulation Vulnerable To Memory Corruption |
| CVE-2024-2452 | 2024-03-26 | Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc() |
| CVE-2024-21918 | 2024-03-26 | Rockwell Automation Arena Simulation Vulnerable To Memory Corruption |
| CVE-2024-21919 | 2024-03-26 | Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer |
| CVE-2024-2214 | 2024-03-26 | Missing array size check in _Mtxinit() in the Xtensa port |
| CVE-2024-21920 | 2024-03-26 | Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow |
| CVE-2024-2915 | 2024-03-26 | Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups... |
| CVE-2024-2921 | 2024-03-26 | Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific... |
| CVE-2024-2929 | 2024-03-26 | Rockwell Automation Arena Simulation Vulnerable To Memory Corruption |
| CVE-2024-2212 | 2024-03-26 | Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet() |
| CVE-2024-2892 | 2024-03-26 | Tenda AC7 setcfm formSetCfm stack-based overflow |
| CVE-2024-2893 | 2024-03-26 | Tenda AC7 SetOnlineDevName formSetDeviceName stack-based overflow |
| CVE-2024-29735 | 2024-03-26 | Apache Airflow: Potentially harmful permission changing by log task handler |
| CVE-2024-2894 | 2024-03-26 | Tenda AC7 SetNetControlList formSetQosBand stack-based overflow |
| CVE-2023-52621 | 2024-03-26 | bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers |
| CVE-2023-52622 | 2024-03-26 | ext4: avoid online resizing failures due to oversized flex bg |
| CVE-2023-52623 | 2024-03-26 | SUNRPC: Fix a suspicious RCU usage warning |
| CVE-2023-44989 | 2024-03-26 | WordPress CF7 Google Sheets Connector plugin <= 5.0.5 - Sensitive Data Exposure via Debug Log vulnerability |
| CVE-2024-1313 | 2024-03-26 | Users outside an organization can delete a snapshot with its key |
| CVE-2024-2895 | 2024-03-26 | Tenda AC7 WifiWpsOOB formWifiWpsOOB stack-based overflow |
| CVE-2023-52624 | 2024-03-26 | drm/amd/display: Wake DMCUB before executing GPINT commands |
| CVE-2023-52625 | 2024-03-26 | drm/amd/display: Refactor DMCUB enter/exit idle interface |
| CVE-2023-52626 | 2024-03-26 | net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context |
| CVE-2023-52627 | 2024-03-26 | iio: adc: ad7091r: Allow users to configure device events |
| CVE-2024-26646 | 2024-03-26 | thermal: intel: hfi: Add syscore callbacks for system-wide PM |
| CVE-2024-26647 | 2024-03-26 | drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' |
| CVE-2024-26648 | 2024-03-26 | drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() |
| CVE-2024-26649 | 2024-03-26 | drm/amdgpu: Fix the null pointer when load rlc firmware |
| CVE-2024-2896 | 2024-03-26 | Tenda AC7 WifiWpsStart formWifiWpsStart stack-based overflow |
| CVE-2024-2951 | 2024-03-26 | WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-2897 | 2024-03-26 | Tenda AC7 WriteFacMac formWriteFacMac os command injection |
| CVE-2024-2898 | 2024-03-26 | Tenda AC7 SetStaticRouteCfg fromSetRouteStatic stack-based overflow |
| CVE-2024-22436 | 2024-03-26 | A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. |
| CVE-2024-2899 | 2024-03-26 | Tenda AC7 WifiExtraSet fromSetWirelessRepeat stack-based overflow |
| CVE-2024-2900 | 2024-03-26 | Tenda AC7 saveParentControlInfo stack-based overflow |
| CVE-2023-6091 | 2024-03-26 | WordPress Theme Editor plugin <= 2.7.1 - Arbitrary File Upload vulnerability |
| CVE-2023-23656 | 2024-03-26 | WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability |
| CVE-2023-25965 | 2024-03-26 | WordPress Upload Resume plugin <= 1.2.0 - Sensitive Data Exposure vulnerability |
| CVE-2023-27440 | 2024-03-26 | WordPress Toolset Types plugin <= 3.4.17 - Authenticated Arbitrary File Upload Vulnerability |
| CVE-2024-2901 | 2024-03-26 | Tenda AC7 openSchedWifi setSchedWifi stack-based overflow |
| CVE-2024-2902 | 2024-03-26 | Tenda AC7 WifiGuestSet fromSetWifiGusetBasic stack-based overflow |
| CVE-2023-27459 | 2024-03-26 | WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability |
| CVE-2024-2955 | 2024-03-26 | Mismatched Memory Management Routines in Wireshark |
| CVE-2023-27630 | 2024-03-26 | WordPress Community by PeepSo plugin <= 6.0.9.0 - Server Information Disclosure |
| CVE-2024-2883 | 2024-03-26 | Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2024-2885 | 2024-03-26 | Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-2886 | 2024-03-26 | Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-2887 | 2024-03-26 | Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-28687 | 2024-03-26 | Reflected Cross-Site Scripting (XSS) vulnerability in multiple WordPress themes |
| CVE-2023-28787 | 2024-03-26 | WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-26303 | 2024-03-26 | Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon |
| CVE-2023-29386 | 2024-03-26 | WordPress Manager for Icomoon plugin <= 2.0 - Arbitrary File Upload vulnerability |
| CVE-2023-47842 | 2024-03-26 | WordPress CataBlog plugin <= 1.7.0 - Arbitrary File Upload vulnerability |
| CVE-2024-2903 | 2024-03-26 | Tenda AC7 GetParentControlInfo stack-based overflow |
| CVE-2023-47846 | 2024-03-26 | WordPress WP Githuber MD plugin <= 1.16.2 - Arbitrary File Upload vulnerability |
| CVE-2023-47873 | 2024-03-26 | WordPress WP Child Theme Generator plugin <= 1.0.9 - Arbitrary File Upload vulnerability |
| CVE-2023-38388 | 2024-03-26 | WordPress Jupiter X Core plugin <= 3.3.5 - Unauth. Arbitrary File Upload vulnerability |
| CVE-2023-39307 | 2024-03-26 | WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability |
| CVE-2023-48275 | 2024-03-26 | WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability |
| CVE-2023-48777 | 2024-03-26 | WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability |
| CVE-2024-2909 | 2024-03-26 | Ruijie RG-EG350 HTTP POST Request setAction os command injection |
| CVE-2024-2910 | 2024-03-26 | Ruijie RG-EG350 HTTP POST Request vpnAction os command injection |
| CVE-2024-2911 | 2024-03-26 | Tianjin PubliCMS cross-site request forgery |
| CVE-2024-2971 | 2024-03-26 | Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05 |
| CVE-2024-2916 | 2024-03-26 | Campcodes House Rental Management System ajax.php sql injection |
| CVE-2024-25136 | 2024-03-26 | AutomationDirect C-MORE EA9 HMI Path Traversal |
| CVE-2024-25137 | 2024-03-26 | AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow |
| CVE-2024-2917 | 2024-03-26 | Campcodes House Rental Management System index.php file inclusion |
| CVE-2024-2927 | 2024-03-26 | code-projects Mobile Shop Login Page Details.php sql injection |
| CVE-2024-25138 | 2024-03-26 | AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password |
| CVE-2024-2930 | 2024-03-26 | SourceCodester Music Gallery Site unrestricted upload |
| CVE-2024-2209 | 2024-03-26 | HP Printer Firmware Update Utility for Certain HP DeskJet Printers - Potential Execution of Arbitrary Code |
| CVE-2023-25364 | 2024-03-27 | Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. |
| CVE-2023-29134 | 2024-03-27 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit. |
| CVE-2023-31634 | 2024-03-27 | In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker... |
| CVE-2023-31854 | 2024-03-27 | std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem. |
| CVE-2023-40284 | 2024-03-27 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40285 | 2024-03-27 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40286 | 2024-03-27 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40287 | 2024-03-27 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40288 | 2024-03-27 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40289 | 2024-03-27 | A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges. |
| CVE-2023-40290 | 2024-03-27 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows. |
| CVE-2023-43768 | 2024-03-27 | An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands. |
| CVE-2023-45929 | 2024-03-27 | S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr(). |
| CVE-2023-47438 | 2024-03-27 | SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter. |
| CVE-2024-24334 | 2024-03-27 | A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. |