CVE List - 2024 / February
Showing 1301 - 1400 of 2784 CVEs for February 2024 (Page 14 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-6408 | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting... |
| CVE-2023-27975 | 2024-02-14 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering... |
| CVE-2024-0568 | 2024-02-14 | CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. |
| CVE-2024-0007 | 2024-02-14 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface |
| CVE-2024-0008 | 2024-02-14 | PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface |
| CVE-2024-0009 | 2024-02-14 | PAN-OS: Improper IP Address Verification in GlobalProtect Gateway |
| CVE-2024-0010 | 2024-02-14 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal |
| CVE-2024-0011 | 2024-02-14 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication |
| CVE-2023-48229 | 2024-02-14 | Out-of-bounds write in the radio driver for Contiki-NG nRF platforms |
| CVE-2023-50927 | 2024-02-14 | Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG |
| CVE-2023-50926 | 2024-02-14 | Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG |
| CVE-2024-1482 | 2024-02-14 | Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution |
| CVE-2024-25618 | 2024-02-14 | External OpenID Connect Account Takeover by E-Mail Change in mastodon |
| CVE-2024-25619 | 2024-02-14 | Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon |
| CVE-2024-25617 | 2024-02-14 | Denial of Service in HTTP Header parser in squid proxy |
| CVE-2024-1367 | 2024-02-14 | Command Injection Vulnerability in Tenable Security Center |
| CVE-2024-1471 | 2024-02-14 | HTML Injection Vulnerability |
| CVE-2023-48733 | 2024-02-14 | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. |
| CVE-2023-49721 | 2024-02-14 | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. |
| CVE-2023-6138 | 2024-02-14 | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP... |
| CVE-2022-48219 | 2024-02-14 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware... |
| CVE-2022-48220 | 2024-02-14 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware... |
| CVE-2024-25620 | 2024-02-14 | Dependency management path traversal in helm |
| CVE-2024-23674 | 2024-02-15 | The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical,... |
| CVE-2024-24256 | 2024-02-15 | SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position... |
| CVE-2024-24386 | 2024-02-15 | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. |
| CVE-2024-25373 | 2024-02-15 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. |
| CVE-2024-25502 | 2024-02-15 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. |
| CVE-2023-51787 | 2024-02-15 | An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting... |
| CVE-2024-1523 | 2024-02-15 | EC-WEB FS-EZViewer(Web) - SQL Injection |
| CVE-2024-26260 | 2024-02-15 | Hgiga OAKlouds - Command Injection |
| CVE-2024-26261 | 2024-02-15 | Hgiga OAKlouds - Arbitrary File Read And Delete |
| CVE-2024-26262 | 2024-02-15 | EBM Technologies Uniweb/SoliPACS WebServer - SQL Injection |
| CVE-2024-26263 | 2024-02-15 | EBM Technologies RISWEB - Improper Access Control |
| CVE-2024-26264 | 2024-02-15 | EBM Technologies RISWEB - SQL Injection |
| CVE-2024-25940 | 2024-02-15 | bhyveload(8) host file access |
| CVE-2024-25941 | 2024-02-15 | jail(2) information leak |
| CVE-2024-25559 | 2024-02-15 | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary... |
| CVE-2022-23084 | 2024-02-15 | Potential jail escape vulnerabilities in netmap |
| CVE-2022-23085 | 2024-02-15 | Potential jail escape vulnerabilities in netmap |
| CVE-2022-23086 | 2024-02-15 | mpr/mps/mpt driver ioctl heap out-of-bounds write |
| CVE-2022-23087 | 2024-02-15 | Bhyve e82545 device emulation out-of-bounds write |
| CVE-2022-23088 | 2024-02-15 | 802.11 heap buffer overflow |
| CVE-2024-1488 | 2024-02-15 | Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation |
| CVE-2022-23089 | 2024-02-15 | Out of bound read in elf_note_prpsinfo() |
| CVE-2022-23090 | 2024-02-15 | AIO credential reference count leak |
| CVE-2022-23091 | 2024-02-15 | Memory disclosure by stale virtual memory mapping |
| CVE-2022-23092 | 2024-02-15 | Missing bounds check in 9p message handling |
| CVE-2022-23093 | 2024-02-15 | Stack overflow in ping(8) |
| CVE-2023-46596 | 2024-02-15 | Improper input validation in FireFlow’s VisualFlow workflow editor |
| CVE-2024-0708 | 2024-02-15 | The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2.... |
| CVE-2024-21727 | 2024-02-15 | Extension - digtal-peak.com - XSS vulnerability in DP Calendar component for Joomla 8.0.0-8.0.14 |
| CVE-2024-0353 | 2024-02-15 | Local privilege escalation in Windows products |
| CVE-2023-4537 | 2024-02-15 | Protocol Downgrade in Comarch ERP XL |
| CVE-2023-4538 | 2024-02-15 | Shared Key in Comarch ERP XL |
| CVE-2023-4539 | 2024-02-15 | Hardcoded password in Comarch ERP XL |
| CVE-2024-0390 | 2024-02-15 | Hard-coded credentials in iZZi connect application |
| CVE-2024-20725 | 2024-02-15 | Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability I |
| CVE-2024-20723 | 2024-02-15 | Adobe Substance 3D Painter v9.0.1Build2822 Buffer Overflow Vulnerability |
| CVE-2024-20741 | 2024-02-15 | Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability |
| CVE-2024-20742 | 2024-02-15 | Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2024-20740 | 2024-02-15 | Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability |
| CVE-2024-20722 | 2024-02-15 | Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability III |
| CVE-2024-20743 | 2024-02-15 | Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability |
| CVE-2024-20724 | 2024-02-15 | Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability II |
| CVE-2024-20744 | 2024-02-15 | Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability |
| CVE-2024-20735 | 2024-02-15 | TALOS-2023-1905 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability |
| CVE-2024-20729 | 2024-02-15 | TALOS-2023-1890 - Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability |
| CVE-2024-20749 | 2024-02-15 | TALOS-2023-1910 - Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability |
| CVE-2024-20736 | 2024-02-15 | ZDI-CAN-22822: Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-20728 | 2024-02-15 | ZDI-CAN-22727: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-20734 | 2024-02-15 | ZDI-CAN-22516: Adobe Acrobat Pro DC AcroForm Use-After-Free Information Disclosure Vulnerability |
| CVE-2024-20748 | 2024-02-15 | TALOS-2023-1909 - Adobe Acrobat Reader Font avar SegmentMaps out-of-bounds read vulnerability |
| CVE-2024-20733 | 2024-02-15 | [ZS-VR-23-360] Adobe Acrobat Reader Parsing OTF font Denial-of-Service Vulnerability |
| CVE-2024-20747 | 2024-02-15 | TALOS-2023-1908 - Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability |
| CVE-2024-20727 | 2024-02-15 | [TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000 |
| CVE-2024-20731 | 2024-02-15 | TALOS-2023-1901 - Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability |
| CVE-2024-20730 | 2024-02-15 | TALOS-2023-1906 - Adobe Acrobat Reader Font CPAL integer overflow vulnerability |
| CVE-2024-20726 | 2024-02-15 | [TianfuCup] JP2K Image Parsing Out-Of-Bounds Write |
| CVE-2024-20738 | 2024-02-15 | Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability \| CVE-2023-44324 bypass |
| CVE-2024-20739 | 2024-02-15 | ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-20750 | 2024-02-15 | Adobe Substance 3D Designer PICT Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2023-28078 | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure... |
| CVE-2023-32462 | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to... |
| CVE-2024-1530 | 2024-02-15 | ECshop view_sendlist.php sql injection |
| CVE-2023-32484 | 2024-02-15 | Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges... |
| CVE-2023-39244 | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the... |
| CVE-2023-39245 | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the... |
| CVE-2024-20720 | 2024-02-15 | Command injection in data collector backup due to insufficient patching of CVE-2023-38208 |
| CVE-2024-20719 | 2024-02-15 | [Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297 |
| CVE-2024-20718 | 2024-02-15 | [Spain] CSRF to delete Requisition Lists at Adobe Commerce |
| CVE-2024-20717 | 2024-02-15 | Stored admin XSS via PayPal authentication certificate |
| CVE-2024-20716 | 2024-02-15 | Force high-usage of resources by generating unlimited coupons: Adobe Commerce |
| CVE-2023-26206 | 2024-02-15 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute... |
| CVE-2023-45581 | 2024-02-15 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting... |
| CVE-2023-44253 | 2024-02-15 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and... |
| CVE-2023-47537 | 2024-02-15 | An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a... |
| CVE-2024-23113 | 2024-02-15 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14,... |
| CVE-2023-7081 | 2024-02-15 | SQLi in PosTahsil's Online Payment System |
| CVE-2023-4993 | 2024-02-15 | Sensitive Data Exposure in Utarit's Soliclub |