CVE List - 2024 / February
Showing 2101 - 2200 of 2784 CVEs for February 2024 (Page 22 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-52463 | 2024-02-23 | efivarfs: force RO when remounting if SetVariable is not supported |
| CVE-2023-52464 | 2024-02-23 | EDAC/thunderx: Fix possible out-of-bounds string access |
| CVE-2024-26595 | 2024-02-23 | mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path |
| CVE-2024-26596 | 2024-02-23 | net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events |
| CVE-2024-26597 | 2024-02-23 | net: qualcomm: rmnet: fix global oob in rmnet_policy |
| CVE-2024-26598 | 2024-02-23 | KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache |
| CVE-2024-26599 | 2024-02-23 | pwm: Fix out-of-bounds access in of_pwm_single_xlate() |
| CVE-2024-25629 | 2024-02-23 | c-ares out of bounds read in ares__read_line() |
| CVE-2024-1820 | 2024-02-23 | code-projects Crime Reporting System inchargelogin.php sql injection |
| CVE-2024-1821 | 2024-02-23 | code-projects Crime Reporting System police_add.php sql injection |
| CVE-2024-1822 | 2024-02-23 | PHPGurukul Tourism Management System user-bookings.php cross site scripting |
| CVE-2024-1823 | 2024-02-23 | CodeAstro Simple Voting System Backend users.php access control |
| CVE-2024-26150 | 2024-02-23 | `@backstage/backend-common` vulnerable to path traversal through symlinks |
| CVE-2024-1824 | 2024-02-23 | CodeAstro House Rental Management System signing.php sql injection |
| CVE-2023-51392 | 2024-02-23 | Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM |
| CVE-2024-1825 | 2024-02-23 | CodeAstro House Rental Management System User Registration Page cross site scripting |
| CVE-2024-23320 | 2024-02-23 | Apache DolphinScheduler: Arbitrary js execution as root for authenticated users |
| CVE-2024-1826 | 2024-02-23 | code-projects Library System login.php sql injection |
| CVE-2024-1827 | 2024-02-23 | code-projects Library System login.php sql injection |
| CVE-2024-27318 | 2024-02-23 | Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which... |
| CVE-2024-27319 | 2024-02-23 | Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. |
| CVE-2024-1828 | 2024-02-23 | code-projects Library System registration.php sql injection |
| CVE-2024-1829 | 2024-02-23 | code-projects Library System registration.php sql injection |
| CVE-2024-1830 | 2024-02-23 | code-projects Library System lost-password.php sql injection |
| CVE-2022-43842 | 2024-02-23 | IBM Aspera Console SQL injection |
| CVE-2024-1831 | 2024-02-23 | SourceCodester Complete File Management System Login Form index.php sql injection |
| CVE-2023-51394 | 2024-02-23 | Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash |
| CVE-2023-51393 | 2024-02-23 | Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer |
| CVE-2024-1832 | 2024-02-23 | SourceCodester Complete File Management System Admin Login Form sql injection |
| CVE-2024-1833 | 2024-02-23 | SourceCodester Employee Management System login.php sql injection |
| CVE-2024-1834 | 2024-02-23 | SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross site scripting |
| CVE-2024-21423 | 2024-02-23 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-27132 | 2024-02-23 | Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. |
| CVE-2024-27133 | 2024-02-23 | Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. |
| CVE-2024-26188 | 2024-02-23 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-26192 | 2024-02-23 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-22395 | 2024-02-23 | Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA... |
| CVE-2024-1810 | 2024-02-24 | The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient... |
| CVE-2024-21502 | 2024-02-24 | Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as... |
| CVE-2024-21501 | 2024-02-24 | Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system... |
| CVE-2023-5775 | 2024-02-24 | The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly... |
| CVE-2024-1758 | 2024-02-24 | The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated... |
| CVE-2024-1710 | 2024-02-24 | The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and... |
| CVE-2024-1165 | 2024-02-24 | The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated... |
| CVE-2024-26600 | 2024-02-24 | phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP |
| CVE-2024-26601 | 2024-02-24 | ext4: regenerate buddy after block freeing failed if under fc replay |
| CVE-2024-26602 | 2024-02-24 | sched/membarrier: reduce the ability to hammer on sys_membarrier |
| CVE-2024-26603 | 2024-02-24 | x86/fpu: Stop relying on userspace for info to fault in xsave buffer |
| CVE-2024-26604 | 2024-02-24 | Revert "kobject: Remove redundant checks for whether ktype is NULL" |
| CVE-2024-26605 | 2024-02-24 | PCI/ASPM: Fix deadlock when enabling ASPM |
| CVE-2023-38359 | 2024-02-24 | IBM Cognos Analytics cross-site scripting |
| CVE-2023-32344 | 2024-02-24 | IBM Cognos Analytics cross-site request forgery |
| CVE-2023-30996 | 2024-02-24 | IBM Cognos Analytics cross-origin resource sharing |
| CVE-2022-34357 | 2024-02-24 | IBM Cognos Analytics Mobile Server denial of service |
| CVE-2023-43051 | 2024-02-24 | IBM Cognos Analytics cross-site scripting |
| CVE-2024-0243 | 2024-02-24 | Server-side Request Forgery In Recursive URL Loader |
| CVE-2024-1871 | 2024-02-24 | SourceCodester Employee Management System Project Assignment Report assignp.php cross site scripting |
| CVE-2024-27350 | 2024-02-25 | Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has... |
| CVE-2024-27359 | 2024-02-25 | Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure... |
| CVE-2024-0455 | 2024-02-25 | SSRF on AWS deployed instances of AnythingLLM via /metadata |
| CVE-2023-52465 | 2024-02-25 | power: supply: Fix null pointer dereference in smb2_probe |
| CVE-2023-52467 | 2024-02-25 | mfd: syscon: Fix null pointer dereference in of_syscon_register() |
| CVE-2023-52468 | 2024-02-25 | class: fix use-after-free in class_register() |
| CVE-2023-52469 | 2024-02-25 | drivers/amd/pm: fix a use-after-free in kv_parse_power_table |
| CVE-2023-52470 | 2024-02-25 | drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() |
| CVE-2023-52471 | 2024-02-25 | ice: Fix some null pointer dereference issues in ice_ptp.c |
| CVE-2023-52472 | 2024-02-25 | crypto: rsa - add a check for allocation failure |
| CVE-2023-52473 | 2024-02-25 | thermal: core: Fix NULL pointer dereference in zone registration error path |
| CVE-2021-46904 | 2024-02-25 | net: hso: fix null-ptr-deref during tty device unregistration |
| CVE-2021-46905 | 2024-02-25 | net: hso: fix NULL-deref on disconnect regression |
| CVE-2022-48626 | 2024-02-25 | moxart: fix potential use-after-free on remove path |
| CVE-2024-0436 | 2024-02-25 | Prevent timing attack for single-user password check |
| CVE-2024-0798 | 2024-02-25 | Privilege Escalation in mintplex-labs/anything-llm |
| CVE-2024-0435 | 2024-02-25 | User can submit message to self-XSS |
| CVE-2024-0440 | 2024-02-25 | SSRF - file:// unsanitized access to underlying host files |
| CVE-2024-0439 | 2024-02-25 | User can manually send request at manager permission to modify system configurations |
| CVE-2024-1875 | 2024-02-25 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload |
| CVE-2023-36237 | 2024-02-26 | Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script. |
| CVE-2023-49959 | 2024-02-26 | In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a... |
| CVE-2024-22873 | 2024-02-26 | Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via... |
| CVE-2024-24401 | 2024-02-26 | SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component. |
| CVE-2024-25247 | 2024-02-26 | SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters. |
| CVE-2024-25344 | 2024-02-26 | Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components. |
| CVE-2024-25410 | 2024-02-26 | flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. |
| CVE-2024-25751 | 2024-02-26 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. |
| CVE-2024-25763 | 2024-02-26 | openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c. |
| CVE-2024-25767 | 2024-02-26 | nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c. |
| CVE-2024-25768 | 2024-02-26 | OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c. |
| CVE-2024-25770 | 2024-02-26 | libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c. |
| CVE-2024-26455 | 2024-02-26 | fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. |
| CVE-2024-26458 | 2024-02-26 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. |
| CVE-2024-26461 | 2024-02-26 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. |
| CVE-2024-26465 | 2024-02-26 | A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL. |
| CVE-2024-26466 | 2024-02-26 | A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL. |
| CVE-2024-26467 | 2024-02-26 | A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL. |
| CVE-2024-26468 | 2024-02-26 | A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL. |
| CVE-2024-27444 | 2024-02-26 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or... |
| CVE-2024-27447 | 2024-02-26 | pretix before 2024.1.1 mishandles file validation. |
| CVE-2024-27454 | 2024-02-26 | orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. |
| CVE-2024-27455 | 2024-02-26 | In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise... |