CVE List - 2024 / February
Showing 801 - 900 of 2784 CVEs for February 2024 (Page 9 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43609 | 2024-02-09 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization |
| CVE-2024-1122 | 2024-02-09 | The Event Manager, Events Calendar, Events Tickets for WooCommerce –... |
| CVE-2024-0842 | 2024-02-09 | The Backuply – Backup, Restore, Migrate and Clone plugin for... |
| CVE-2024-0657 | 2024-02-09 | The Internal Link Juicer: SEO Auto Linker for WordPress plugin... |
| CVE-2024-0229 | 2024-02-09 | Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access |
| CVE-2024-21762 | 2024-02-09 | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2,... |
| CVE-2024-22119 | 2024-02-09 | Stored XSS in graph items select form |
| CVE-2023-6724 | 2024-02-09 | IDOR in Simgesel Software's Hearing Tracking System (Barosel) |
| CVE-2023-6677 | 2024-02-09 | SQLi in Oduyo Online Collection Software |
| CVE-2024-23319 | 2024-02-09 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) |
| CVE-2024-24774 | 2024-02-09 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) |
| CVE-2024-24776 | 2024-02-09 | Incorrect Authorization leads to Channel Member Count Leak |
| CVE-2024-1402 | 2024-02-09 | Denial of service in mattermost mobile apps and server via emoji reactions |
| CVE-2023-50386 | 2024-02-09 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets |
| CVE-2023-50298 | 2024-02-09 | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions |
| CVE-2023-50292 | 2024-02-09 | Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users |
| CVE-2023-50291 | 2024-02-09 | Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords |
| CVE-2024-1247 | 2024-02-09 | Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field |
| CVE-2024-1246 | 2024-02-09 | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature |
| CVE-2024-1245 | 2024-02-09 | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes |
| CVE-2023-50349 | 2024-02-09 | HCL Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-45716 | 2024-02-09 | HCL Sametime is impacted by a sensitive information disclosure |
| CVE-2023-45718 | 2024-02-09 | HCL Sametime is impacted by a failure to invalidate sessions |
| CVE-2024-21624 | 2024-02-09 | Potential Information Leak in User-Constructed Message Templates in nonebot2 |
| CVE-2024-24828 | 2024-02-09 | Local Privilege Escalation in execuatables bundled by pkg |
| CVE-2023-6935 | 2024-02-09 | Marvin Attack vulnerability in SP Math All RSA |
| CVE-2024-25109 | 2024-02-09 | Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki |
| CVE-2024-1404 | 2024-02-09 | Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure |
| CVE-2024-23327 | 2024-02-09 | Crash in proxy protocol when command type of LOCAL in Envoy |
| CVE-2024-23325 | 2024-02-09 | Envoy crashes when using an address type that isn’t supported by the OS |
| CVE-2024-23324 | 2024-02-09 | Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata |
| CVE-2024-23323 | 2024-02-09 | Excessive CPU usage when URI template matcher is configured using regex in Envoy |
| CVE-2024-23322 | 2024-02-09 | Envoy crashes when idle and request per try timeout occur within the backoff interval |
| CVE-2023-45696 | 2024-02-10 | HCL Sametime is impacted by an autocomplete enabled vulnerability |
| CVE-2023-28077 | 2024-02-10 | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0... |
| CVE-2023-45698 | 2024-02-10 | HCL Sametime is impacted by clickjacking |
| CVE-2024-21490 | 2024-02-10 | This affects versions of the package angular from 1.3.0. A... |
| CVE-2024-1405 | 2024-02-10 | Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure |
| CVE-2024-0594 | 2024-02-10 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin... |
| CVE-2024-0595 | 2024-02-10 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin... |
| CVE-2024-0596 | 2024-02-10 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html() |
| CVE-2024-1406 | 2024-02-10 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure |
| CVE-2024-24831 | 2024-02-10 | WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24804 | 2024-02-10 | WordPress MW WP Form Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24803 | 2024-02-10 | WordPress Ultra Companion Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24801 | 2024-02-10 | WordPress OWL Carousel Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24717 | 2024-02-10 | WordPress Beds24 Online Booking Plugin <= 2.0.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24713 | 2024-02-10 | WordPress Auto Listings Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24712 | 2024-02-10 | WordPress Heateor Social Login Plugin <= 1.1.30 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23517 | 2024-02-10 | WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23516 | 2024-02-10 | WordPress CC BMI Calculator Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-23514 | 2024-02-10 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51493 | 2024-02-10 | WordPress Custom Post Carousels with Owl Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51492 | 2024-02-10 | WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51488 | 2024-02-10 | WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51485 | 2024-02-10 | WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51480 | 2024-02-10 | WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51415 | 2024-02-10 | WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51404 | 2024-02-10 | WordPress My Agile Privacy Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-22361 | 2024-02-10 | IBM Semeru Runtime information disclosure |
| CVE-2023-50957 | 2024-02-10 | IBM Storage Defender - Resiliency Service privilege escalation |
| CVE-2024-22312 | 2024-02-10 | IBM Storage Defender - Resiliency Service information disclosure |
| CVE-2024-22313 | 2024-02-10 | IBM Storage Defender - Resiliency Service information disclosure |
| CVE-2023-52427 | 2024-02-11 | In OpenDDS through 3.27, there is a segmentation fault for... |
| CVE-2023-52428 | 2024-02-11 | In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause... |
| CVE-2024-23724 | 2024-02-11 | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation... |
| CVE-2024-25417 | 2024-02-11 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-25712 | 2024-02-11 | http-swagger before 1.2.6 allows XSS via PUT requests, because a... |
| CVE-2024-25713 | 2024-02-11 | yyjson through 0.8.0 has a double free, leading to remote... |
| CVE-2024-25714 | 2024-02-11 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp... |
| CVE-2024-25715 | 2024-02-11 | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via... |
| CVE-2024-25722 | 2024-02-11 | qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. |
| CVE-2024-25728 | 2024-02-11 | ExpressVPN before 12.73.0 on Windows, when split tunneling is used,... |
| CVE-2024-25418 | 2024-02-11 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-25419 | 2024-02-11 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-25711 | 2024-02-11 | diffoscope before 256 allows directory traversal via an embedded filename... |
| CVE-2024-25718 | 2024-02-11 | In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can... |
| CVE-2024-1430 | 2024-02-11 | Netgear R7000 Web Management Interface currentsetting.htm information disclosure |
| CVE-2024-1431 | 2024-02-11 | Netgear R7000 Web Management Interface debuginfo.htm information disclosure |
| CVE-2024-1432 | 2024-02-11 | DeepFaceLab main.py apply_xseg deserialization |
| CVE-2024-21875 | 2024-02-11 | DoS attack when broadcasting billboard messages |
| CVE-2024-1151 | 2024-02-11 | Kernel: stack overflow problem in open vswitch kernel module leading to dos |
| CVE-2024-1433 | 2024-02-11 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal |
| CVE-2024-23761 | 2024-02-12 | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to... |
| CVE-2024-24337 | 2024-02-12 | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha... |
| CVE-2024-25360 | 2024-02-12 | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks... |
| CVE-2023-52429 | 2024-02-12 | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can... |
| CVE-2023-52430 | 2024-02-12 | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via... |
| CVE-2024-23759 | 2024-02-12 | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers... |
| CVE-2024-23760 | 2024-02-12 | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers... |
| CVE-2024-23762 | 2024-02-12 | Unrestricted File Upload vulnerability in Content Manager feature in Gambio... |
| CVE-2024-23763 | 2024-02-12 | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to... |
| CVE-2024-25739 | 2024-02-12 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can... |
| CVE-2024-25740 | 2024-02-12 | A memory leak flaw was found in the UBI driver... |
| CVE-2024-25741 | 2024-02-12 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does... |
| CVE-2024-25744 | 2024-02-12 | In the Linux kernel before 6.6.7, an untrusted VMM can... |
| CVE-2024-24933 | 2024-02-12 | WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24932 | 2024-02-12 | WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24931 | 2024-02-12 | WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-24930 | 2024-02-12 | WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS) |