CVE List - 2024 / February
Showing 1101 - 1200 of 2784 CVEs for February 2024 (Page 12 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-21353 | 2024-02-13 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-21355 | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2024-21356 | 2024-02-13 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2024-21359 | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21362 | 2024-02-13 | Windows Kernel Security Feature Bypass Vulnerability |
| CVE-2024-21363 | 2024-02-13 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-21364 | 2024-02-13 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2024-21365 | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21367 | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21368 | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21370 | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21374 | 2024-02-13 | Microsoft Teams for Android Information Disclosure Vulnerability |
| CVE-2024-21376 | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability |
| CVE-2024-21377 | 2024-02-13 | Windows DNS Information Disclosure Vulnerability |
| CVE-2024-21378 | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-21380 | 2024-02-13 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability |
| CVE-2024-21384 | 2024-02-13 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| CVE-2024-21391 | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21395 | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-21397 | 2024-02-13 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
| CVE-2024-21403 | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-21405 | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2024-21406 | 2024-02-13 | Windows Printing Service Spoofing Vulnerability |
| CVE-2024-21410 | 2024-02-13 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2024-21412 | 2024-02-13 | Internet Shortcut Files Security Feature Bypass Vulnerability |
| CVE-2024-24751 | 2024-02-13 | Broken Access Control in Backend Module in sf_event_mgt |
| CVE-2024-1084 | 2024-02-13 | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make... |
| CVE-2024-24814 | 2024-02-13 | Denial of service when manipulating mod_auth_openidc_session_chunks cookie in mod_auth_openidc |
| CVE-2024-1082 | 2024-02-13 | Path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file read with a specially crafted GitHub Pages artifact upload |
| CVE-2024-1354 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-1355 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-1359 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-1369 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-1372 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-1374 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-1378 | 2024-02-13 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-25122 | 2024-02-13 | Cross-site Scripting sidekiq-unique-jobs UI server vulnerability |
| CVE-2023-31346 | 2024-02-13 | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. |
| CVE-2023-31347 | 2024-02-13 | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled... |
| CVE-2021-46757 | 2024-02-13 | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading... |
| CVE-2023-20587 | 2024-02-13 | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. |
| CVE-2023-20579 | 2024-02-13 | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. |
| CVE-2023-6152 | 2024-02-13 | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign... |
| CVE-2024-25121 | 2024-02-13 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 |
| CVE-2024-25120 | 2024-02-13 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 |
| CVE-2024-25119 | 2024-02-13 | Information Disclosure of Encryption Key in TYPO3 Install Tool |
| CVE-2024-25118 | 2024-02-13 | Information Disclosure of Hashed Passwords in TYPO3 Backend Forms |
| CVE-2024-1485 | 2024-02-13 | Registry-support: decompress can delete files outside scope via relative paths |
| CVE-2024-24695 | 2024-02-13 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation |
| CVE-2024-24696 | 2024-02-13 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation |
| CVE-2024-24697 | 2024-02-13 | Zoom Clients - Untrusted Search Path |
| CVE-2024-24698 | 2024-02-13 | Zoom Clients - Improper Authentication |
| CVE-2024-24699 | 2024-02-13 | Zoom Clients - Business Logic Error |
| CVE-2023-48987 | 2024-02-14 | Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via... |
| CVE-2024-24300 | 2024-02-14 | 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the... |
| CVE-2024-24301 | 2024-02-14 | Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by... |
| CVE-2024-25165 | 2024-02-14 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. |
| CVE-2024-25212 | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. |
| CVE-2024-25214 | 2024-02-14 | An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. |
| CVE-2024-25219 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. |
| CVE-2024-25222 | 2024-02-14 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. |
| CVE-2023-48985 | 2024-02-14 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information... |
| CVE-2023-48986 | 2024-02-14 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information... |
| CVE-2023-50387 | 2024-02-14 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or... |
| CVE-2023-50868 | 2024-02-14 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for... |
| CVE-2024-25207 | 2024-02-14 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts... |
| CVE-2024-25208 | 2024-02-14 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts... |
| CVE-2024-25209 | 2024-02-14 | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. |
| CVE-2024-25210 | 2024-02-14 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. |
| CVE-2024-25211 | 2024-02-14 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. |
| CVE-2024-25213 | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. |
| CVE-2024-25215 | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. |
| CVE-2024-25216 | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. |
| CVE-2024-25217 | 2024-02-14 | Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. |
| CVE-2024-25218 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. |
| CVE-2024-25220 | 2024-02-14 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. |
| CVE-2024-25221 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at... |
| CVE-2024-25223 | 2024-02-14 | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. |
| CVE-2024-25224 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter... |
| CVE-2024-25225 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter... |
| CVE-2024-25226 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter... |
| CVE-2024-25300 | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. |
| CVE-2024-25301 | 2024-02-14 | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. |
| CVE-2024-24690 | 2024-02-14 | Zoom Clients - Improper Input Validation |
| CVE-2024-24691 | 2024-02-14 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation |
| CVE-2024-25125 | 2024-02-14 | Absolute path traversal vulnerability in digdag server |
| CVE-2024-22455 | 2024-02-14 | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch... |
| CVE-2023-25535 | 2024-02-14 | Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability... |
| CVE-2023-39249 | 2024-02-14 | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their... |
| CVE-2023-44283 | 2024-02-14 | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on... |
| CVE-2023-44293 | 2024-02-14 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session... |
| CVE-2023-44294 | 2024-02-14 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session... |
| CVE-2024-23783 | 2024-02-14 | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. |
| CVE-2024-23784 | 2024-02-14 | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its... |
| CVE-2024-23785 | 2024-02-14 | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. |
| CVE-2024-23786 | 2024-02-14 | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of... |
| CVE-2024-23787 | 2024-02-14 | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. |
| CVE-2024-23788 | 2024-02-14 | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the... |
| CVE-2024-23789 | 2024-02-14 | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. |
| CVE-2024-23952 | 2024-02-14 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) |