Lista CVE - 2024 / Aprile
Visualizzazione 2501 - 2600 di 3606 CVE per Aprile 2024 (Pagina 26 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-3909 | 2024-04-17 | Tenda AC500 execCommand formexeCommand stack-based overflow |
| CVE-2024-3333 | 2024-04-17 | The Essential Addons for Elementor plugin for WordPress is vulnerable... |
| CVE-2024-3910 | 2024-04-17 | Tenda AC500 DhcpListClient fromDhcpListClient stack-based overflow |
| CVE-2023-6805 | 2024-04-17 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging,... |
| CVE-2023-40146 | 2024-04-17 | A privilege escalation vulnerability exists in the /bin/login functionality of... |
| CVE-2023-39367 | 2024-04-17 | An OS command injection vulnerability exists in the web interface... |
| CVE-2023-45744 | 2024-04-17 | A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi... |
| CVE-2023-45209 | 2024-04-17 | An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi... |
| CVE-2023-43491 | 2024-04-17 | An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi... |
| CVE-2024-1132 | 2024-04-17 | Keycloak: path transversal in redirection validation |
| CVE-2024-1249 | 2024-04-17 | Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos |
| CVE-2024-2419 | 2024-04-17 | Keycloak: path traversal in the redirect validation |
| CVE-2024-29035 | 2024-04-17 | Umbraco's Blind SSRF Leads to Port Scan by using Webhooks |
| CVE-2024-3825 | 2024-04-17 | CSRF in BlazeMeter Jenkins plugin |
| CVE-2024-30253 | 2024-04-17 | Handling untrusted input can result in a crash, leading to loss of availability / denial of service |
| CVE-2024-31463 | 2024-04-17 | Ironic-image allows unauthenticated local access to Ironic API |
| CVE-2024-32463 | 2024-04-17 | phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags |
| CVE-2023-52645 | 2024-04-17 | pmdomain: mediatek: fix race conditions with genpd |
| CVE-2024-26910 | 2024-04-17 | netfilter: ipset: fix performance regression in swap operation |
| CVE-2024-26911 | 2024-04-17 | drm/buddy: Fix alloc_range() error handling code |
| CVE-2024-26912 | 2024-04-17 | drm/nouveau: fix several DMA buffer leaks |
| CVE-2024-26913 | 2024-04-17 | drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue |
| CVE-2024-26914 | 2024-04-17 | drm/amd/display: fix incorrect mpc_combine array size |
| CVE-2024-26915 | 2024-04-17 | drm/amdgpu: Reset IH OVERFLOW_CLEAR bit |
| CVE-2024-26916 | 2024-04-17 | Revert "drm/amd: flush any delayed gfxoff on suspend entry" |
| CVE-2024-26917 | 2024-04-17 | scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" |
| CVE-2024-26918 | 2024-04-17 | PCI: Fix active state requirement in PME polling |
| CVE-2024-26919 | 2024-04-17 | usb: ulpi: Fix debugfs directory leak |
| CVE-2024-26920 | 2024-04-17 | tracing/trigger: Fix to return error if failed to alloc snapshot |
| CVE-2023-5395 | 2024-04-17 | Server receiving a malformed message that uses the hostname in... |
| CVE-2023-5396 | 2024-04-17 | Server receiving a malformed message creates connection for a hostname... |
| CVE-2023-5397 | 2024-04-17 | Server receiving a malformed message to create a new connection... |
| CVE-2023-5398 | 2024-04-17 | Server receiving a malformed message based on a list of... |
| CVE-2023-5400 | 2024-04-17 | Server receiving a malformed message based on a using the... |
| CVE-2023-5401 | 2024-04-17 | Server receiving a malformed message based on a using the... |
| CVE-2023-5403 | 2024-04-17 | Server hostname translation to IP address manipulation which could lead... |
| CVE-2023-5404 | 2024-04-17 | Server receiving a malformed message can cause a pointer to... |
| CVE-2023-5405 | 2024-04-17 | Server information leak for the CDA Server process memory can... |
| CVE-2023-5406 | 2024-04-17 | Server communication with a controller can lead to remote code... |
| CVE-2023-5407 | 2024-04-17 | Controller denial of service due to improper handling of a... |
| CVE-2024-28073 | 2024-04-17 | SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-3914 | 2024-04-17 | Use after free in V8 in Google Chrome prior to... |
| CVE-2024-2961 | 2024-04-17 | The iconv() function in the GNU C Library versions 2.39... |
| CVE-2024-29950 | 2024-04-17 | Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption |
| CVE-2024-3900 | 2024-04-17 | Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check |
| CVE-2024-3323 | 2024-04-17 | Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29951 | 2024-04-17 | Brocade SANnav has weak encryption in internal SSH ports |
| CVE-2024-21989 | 2024-04-17 | Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility |
| CVE-2024-21990 | 2024-04-17 | Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility |
| CVE-2024-3817 | 2024-04-17 | HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches |
| CVE-2024-0257 | 2024-04-17 | RoboDK Heap-based Buffer Overflow |
| CVE-2024-32472 | 2024-04-17 | excalidraw vulnerable to a Stored XSS in excalidraw's web embed component |
| CVE-2024-29952 | 2024-04-17 | Clear text storage of sensistive information by manipulating command variables |
| CVE-2024-29955 | 2024-04-17 | Insertion of Sensitive Information into Brocade SANnav Log File |
| CVE-2023-4232 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function |
| CVE-2023-4233 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function |
| CVE-2023-4234 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function |
| CVE-2023-4235 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver_report() function |
| CVE-2023-4509 | 2024-04-17 | It is possible for an API key to be logged... |
| CVE-2024-3928 | 2024-04-17 | Dromara open-capacity-platform auth-server heapdump information disclosure |
| CVE-2024-30564 | 2024-04-18 | An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a... |
| CVE-2024-30920 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30921 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30922 | 2024-04-18 | SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker... |
| CVE-2024-30923 | 2024-04-18 | SQL Injection vulnerability in DerbyNet v9.0 and below allows a... |
| CVE-2024-30924 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30925 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30926 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30927 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30928 | 2024-04-18 | SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers... |
| CVE-2024-30929 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows... |
| CVE-2024-30938 | 2024-04-18 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker... |
| CVE-2024-31750 | 2024-04-18 | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote... |
| CVE-2024-32325 | 2024-04-18 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through... |
| CVE-2024-32326 | 2024-04-18 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through... |
| CVE-2024-32327 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability... |
| CVE-2024-32332 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability... |
| CVE-2024-32333 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability... |
| CVE-2024-32334 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability... |
| CVE-2024-32335 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability... |
| CVE-2024-3931 | 2024-04-18 | Totara LMS Profile check.php cross site scripting |
| CVE-2024-3932 | 2024-04-18 | Totara LMS cross-site request forgery |
| CVE-2024-29956 | 2024-04-18 | cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav |
| CVE-2024-1426 | 2024-04-18 | The Element Pack Elementor Addons (Header Footer, Free Template Library,... |
| CVE-2024-1429 | 2024-04-18 | The Element Pack Elementor Addons (Header Footer, Free Template Library,... |
| CVE-2024-2729 | 2024-04-18 | Otter Blocks < 2.6.6 - Contributor+ Stored XSS |
| CVE-2024-31869 | 2024-04-18 | Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used |
| CVE-2024-32142 | 2024-04-18 | WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2023-49742 | 2024-04-18 | WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability |
| CVE-2023-41864 | 2024-04-18 | WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32604 | 2024-04-18 | WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-32603 | 2024-04-18 | WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability |
| CVE-2024-32601 | 2024-04-18 | WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability |
| CVE-2024-32599 | 2024-04-18 | WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability |
| CVE-2024-32598 | 2024-04-18 | WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32597 | 2024-04-18 | WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32596 | 2024-04-18 | WordPress DSGVO Youtube plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32595 | 2024-04-18 | WordPress WP Helper Premium plugin < 4.6.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32594 | 2024-04-18 | WordPress Attesa Extra plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32593 | 2024-04-18 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.3.4.2 - Cross Site Scripting (XSS) vulnerability |