CVE List - 2024 / April
Showing 101 - 200 of 3605 CVEs for April 2024 (Page 2 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-27333 | 2024-04-01 | Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-27334 | 2024-04-01 | Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-22780 | 2024-04-02 | Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter. |
| CVE-2024-25075 | 2024-04-02 | An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption.... |
| CVE-2024-25187 | 2024-04-02 | Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. |
| CVE-2024-27602 | 2024-04-02 | Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked. For example, the /api/system/v2/api-docs module. |
| CVE-2024-28287 | 2024-04-02 | A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. |
| CVE-2024-29276 | 2024-04-02 | An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component. |
| CVE-2024-29432 | 2024-04-02 | Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas. |
| CVE-2024-29514 | 2024-04-02 | File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-30621 | 2024-04-02 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. |
| CVE-2024-30806 | 2024-04-02 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. |
| CVE-2024-30807 | 2024-04-02 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. |
| CVE-2024-30808 | 2024-04-02 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. |
| CVE-2024-30809 | 2024-04-02 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts. |
| CVE-2024-30946 | 2024-04-02 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. |
| CVE-2024-30965 | 2024-04-02 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. |
| CVE-2024-31002 | 2024-04-02 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. |
| CVE-2024-27604 | 2024-04-02 | Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized. |
| CVE-2024-27605 | 2024-04-02 | Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system. |
| CVE-2024-29434 | 2024-04-02 | An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. |
| CVE-2024-30620 | 2024-04-02 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. |
| CVE-2024-31003 | 2024-04-02 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. |
| CVE-2024-31004 | 2024-04-02 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment. |
| CVE-2024-31005 | 2024-04-02 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment |
| CVE-2024-3142 | 2024-04-02 | Clavister E10/E80 Setting cross-site request forgery |
| CVE-2024-3143 | 2024-04-02 | DedeCMS member_rank.php cross-site request forgery |
| CVE-2024-3137 | 2024-04-02 | Improper Privilege Management in uvdesk/community-skeleton |
| CVE-2024-3144 | 2024-04-02 | DedeCMS makehtml_spec.php cross-site request forgery |
| CVE-2024-3145 | 2024-04-02 | DedeCMS makehtml_js_action.php cross-site request forgery |
| CVE-2024-3146 | 2024-04-02 | DedeCMS makehtml_rss_action.php cross-site request forgery |
| CVE-2024-3147 | 2024-04-02 | DedeCMS makehtml_map.php cross-site request forgery |
| CVE-2024-3148 | 2024-04-02 | DedeCMS makehtml_archives_action.php sql injection |
| CVE-2024-3160 | 2024-04-02 | Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure |
| CVE-2024-20842 | 2024-04-02 | Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2024-20843 | 2024-04-02 | Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2024-20844 | 2024-04-02 | Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2024-20845 | 2024-04-02 | Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2024-20846 | 2024-04-02 | Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2024-20847 | 2024-04-02 | Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information. |
| CVE-2024-20848 | 2024-04-02 | Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2024-20849 | 2024-04-02 | Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2024-20850 | 2024-04-02 | Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay. |
| CVE-2024-20851 | 2024-04-02 | Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege. |
| CVE-2024-20852 | 2024-04-02 | Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. |
| CVE-2024-20853 | 2024-04-02 | Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore. |
| CVE-2024-20854 | 2024-04-02 | Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access... |
| CVE-2024-2369 | 2024-04-02 | Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS |
| CVE-2024-1274 | 2024-04-02 | My Calendar < 3.4.24 - Authenticated Stored XSS |
| CVE-2024-2791 | 2024-04-02 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient... |
| CVE-2024-2924 | 2024-04-02 | The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input... |
| CVE-2024-1504 | 2024-04-02 | The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect... |
| CVE-2024-26656 | 2024-04-02 | drm/amdgpu: fix use-after-free bug |
| CVE-2024-26657 | 2024-04-02 | drm/sched: fix null-ptr-deref in init entity |
| CVE-2023-52631 | 2024-04-02 | fs/ntfs3: Fix an NULL dereference bug |
| CVE-2024-26658 | 2024-04-02 | bcachefs: grab s_umount only if snapshotting |
| CVE-2024-26659 | 2024-04-02 | xhci: handle isoc Babble and Buffer Overrun events properly |
| CVE-2024-26660 | 2024-04-02 | drm/amd/display: Implement bounds check for stream encoder creation in DCN301 |
| CVE-2024-26661 | 2024-04-02 | drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' |
| CVE-2024-26662 | 2024-04-02 | drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' |
| CVE-2024-26663 | 2024-04-02 | tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() |
| CVE-2024-26664 | 2024-04-02 | hwmon: (coretemp) Fix out-of-bounds memory access |
| CVE-2024-26665 | 2024-04-02 | tunnels: fix out of bounds access when building IPv6 PMTU error |
| CVE-2024-26666 | 2024-04-02 | wifi: mac80211: fix RCU use in TDLS fast-xmit |
| CVE-2024-26667 | 2024-04-02 | drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup |
| CVE-2024-21834 | 2024-04-02 | Arkui has a type confusion vulnerability |
| CVE-2024-22177 | 2024-04-02 | Audio has an improper preservation of permissions vulnerability |
| CVE-2024-22098 | 2024-04-02 | AVSession has a use after free vulnerability |
| CVE-2024-22180 | 2024-04-02 | Camera has a use after free vulnerability |
| CVE-2024-29074 | 2024-04-02 | Telephony has an improper input validation vulnerability |
| CVE-2024-22092 | 2024-04-02 | Bundlemanager has an authentication bypass vulnerability |
| CVE-2024-24581 | 2024-04-02 | Arkcompiler runtime has an out-of-bounds write vulnerability |
| CVE-2024-28226 | 2024-04-02 | Fs has an improper input validation vulnerability |
| CVE-2024-28951 | 2024-04-02 | Arkcompiler runtime has a use after free vulnerability |
| CVE-2024-29086 | 2024-04-02 | Arkcompiler runtime has a stack overflow vulnerability |
| CVE-2024-26668 | 2024-04-02 | netfilter: nft_limit: reject configurations that cause integer overflow |
| CVE-2024-26669 | 2024-04-02 | net/sched: flower: Fix chain template offload |
| CVE-2024-26670 | 2024-04-02 | arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD |
| CVE-2024-2839 | 2024-04-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input... |
| CVE-2024-2925 | 2024-04-02 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due... |
| CVE-2023-52632 | 2024-04-02 | drm/amdkfd: Fix lock dependency warning with srcu |
| CVE-2023-52633 | 2024-04-02 | um: time-travel: fix time corruption |
| CVE-2023-52634 | 2024-04-02 | drm/amd/display: Fix disable_otg_wa logic |
| CVE-2023-52635 | 2024-04-02 | PM / devfreq: Synchronize devfreq_monitor_[start/stop] |
| CVE-2024-26671 | 2024-04-02 | blk-mq: fix IO hang from sbitmap wakeup race |
| CVE-2024-26672 | 2024-04-02 | drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' |
| CVE-2024-26673 | 2024-04-02 | netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations |
| CVE-2023-52636 | 2024-04-02 | libceph: just wait for more data to be available on the socket |
| CVE-2024-26674 | 2024-04-02 | x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups |
| CVE-2024-26675 | 2024-04-02 | ppp_async: limit MRU to 64K |
| CVE-2024-26676 | 2024-04-02 | af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. |
| CVE-2024-26677 | 2024-04-02 | rxrpc: Fix delayed ACKs to not set the reference serial number |
| CVE-2024-26678 | 2024-04-02 | x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section |
| CVE-2024-26679 | 2024-04-02 | inet: read sk->sk_family once in inet_recv_error() |
| CVE-2024-26680 | 2024-04-02 | net: atlantic: Fix DMA mapping for PTP hwts ring |
| CVE-2024-26681 | 2024-04-02 | netdevsim: avoid potential loop in nsim_dev_trap_report_work() |
| CVE-2024-26682 | 2024-04-02 | wifi: mac80211: improve CSA/ECSA connection refusal |
| CVE-2024-26683 | 2024-04-02 | wifi: cfg80211: detect stuck ECSA element in probe resp |
| CVE-2024-26684 | 2024-04-02 | net: stmmac: xgmac: fix handling of DPP safety error for DMA channels |
| CVE-2024-1300 | 2024-04-02 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support |