CVE List - 2024 / February
Showing 1401 - 1500 of 2784 CVEs for February 2024 (Page 15 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5155 | 2024-02-15 | SQLi in Utarit's Smart Deposit System |
| CVE-2023-6255 | 2024-02-15 | Hardcoded Credentials in SoliClub Mobile App |
| CVE-2023-6937 | 2024-02-15 | Improper (D)TLS key boundary enforcement |
| CVE-2024-21728 | 2024-02-15 | Extension - smartcalc.es - Open redirect vulnerability in osTicky component for Joomla <= 2.2.8 |
| CVE-2024-0240 | 2024-02-15 | Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients |
| CVE-2024-23479 | 2024-02-15 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-23478 | 2024-02-15 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution |
| CVE-2024-23476 | 2024-02-15 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-23477 | 2024-02-15 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-40057 | 2024-02-15 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution |
| CVE-2024-0622 | 2024-02-15 | Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms. |
| CVE-2023-6123 | 2024-02-15 | Improper Neutralization vulnerability affects OpenText ALM Octane. |
| CVE-2024-25123 | 2024-02-15 | Path Manipulation in file mslib/index.py in MSS |
| CVE-2023-40100 | 2024-02-15 | In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-40104 | 2024-02-15 | In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2023-40105 | 2024-02-15 | In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution... |
| CVE-2023-40106 | 2024-02-15 | In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no... |
| CVE-2023-40107 | 2024-02-15 | In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-40109 | 2024-02-15 | In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-40110 | 2024-02-15 | In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional... |
| CVE-2023-40111 | 2024-02-15 | In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of... |
| CVE-2023-40112 | 2024-02-15 | In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or... |
| CVE-2023-40113 | 2024-02-15 | In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no... |
| CVE-2023-40114 | 2024-02-15 | In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no... |
| CVE-2023-40115 | 2024-02-15 | In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-40124 | 2024-02-15 | In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution... |
| CVE-2023-45860 | 2024-02-16 | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized... |
| CVE-2023-51931 | 2024-02-16 | An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. |
| CVE-2024-22854 | 2024-02-16 | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and... |
| CVE-2024-24377 | 2024-02-16 | An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. |
| CVE-2024-25083 | 2024-02-16 | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector through which the user is able... |
| CVE-2024-25320 | 2024-02-16 | Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. |
| CVE-2024-25415 | 2024-02-16 | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. |
| CVE-2024-25466 | 2024-02-16 | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library... |
| CVE-2023-49508 | 2024-02-16 | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. |
| CVE-2024-25413 | 2024-02-16 | An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. |
| CVE-2024-25414 | 2024-02-16 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
| CVE-2023-40093 | 2024-02-16 | In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local... |
| CVE-2023-40122 | 2024-02-16 | In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2024-0014 | 2024-02-16 | In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no... |
| CVE-2024-0029 | 2024-02-16 | In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to... |
| CVE-2024-0030 | 2024-02-16 | In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-0031 | 2024-02-16 | In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges... |
| CVE-2024-0032 | 2024-02-16 | In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege... |
| CVE-2024-0033 | 2024-02-16 | In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-0034 | 2024-02-16 | In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-0035 | 2024-02-16 | In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege... |
| CVE-2024-0036 | 2024-02-16 | In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead... |
| CVE-2024-0037 | 2024-02-16 | In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure... |
| CVE-2024-0038 | 2024-02-16 | In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-0040 | 2024-02-16 | In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2024-0041 | 2024-02-16 | In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove... |
| CVE-2023-6451 | 2024-02-16 | Publicly Known Cryptographic Machine Key In Procura Portal Application |
| CVE-2024-22425 | 2024-02-16 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or... |
| CVE-2024-22426 | 2024-02-16 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which... |
| CVE-2024-21775 | 2024-02-16 | SQL Injection |
| CVE-2024-23591 | 2024-02-16 | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical... |
| CVE-2024-21915 | 2024-02-16 | Rockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service Functionality |
| CVE-2023-21165 | 2024-02-16 | In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2023-40085 | 2024-02-16 | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-0015 | 2024-02-16 | In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2024-1591 | 2024-02-16 | Privilege Management for Windows < 24.1 Information Leak |
| CVE-2024-0016 | 2024-02-16 | In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges... |
| CVE-2024-0017 | 2024-02-16 | In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2024-0018 | 2024-02-16 | In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-0019 | 2024-02-16 | In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to... |
| CVE-2024-0020 | 2024-02-16 | In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure... |
| CVE-2024-0021 | 2024-02-16 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This... |
| CVE-2024-0023 | 2024-02-16 | In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-25628 | 2024-02-16 | Insufficient Session Expiration in alf.io |
| CVE-2024-21987 | 2024-02-16 | Improper Authorization Vulnerability in SnapCenter |
| CVE-2024-25627 | 2024-02-16 | Cross-Site Scripting (XSS) via File Upload in Alf.io |
| CVE-2024-24758 | 2024-02-16 | Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici |
| CVE-2024-24750 | 2024-02-16 | Backpressure request ignored in fetch() in Undici |
| CVE-2024-21983 | 2024-02-16 | Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) |
| CVE-2024-21984 | 2024-02-16 | Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale) |
| CVE-2023-31728 | 2024-02-17 | Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that... |
| CVE-2024-22727 | 2024-02-17 | Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. |
| CVE-2024-25297 | 2024-02-17 | Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15 allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. |
| CVE-2024-25298 | 2024-02-17 | An issue was discovered in REDAXO version 5.15.1 that allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. |
| CVE-2024-25468 | 2024-02-17 | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. |
| CVE-2023-21833 | 2024-02-17 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-20903 | 2024-02-17 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create... |
| CVE-2024-20905 | 2024-02-17 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high... |
| CVE-2024-20907 | 2024-02-17 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2024-20909 | 2024-02-17 | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to... |
| CVE-2024-20911 | 2024-02-17 | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle... |
| CVE-2024-20913 | 2024-02-17 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2024-20915 | 2024-02-17 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2024-20917 | 2024-02-17 | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated... |
| CVE-2024-20919 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-20921 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-20923 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise... |
| CVE-2024-20925 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise... |
| CVE-2024-20927 | 2024-02-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-20929 | 2024-02-17 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-20931 | 2024-02-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-20933 | 2024-02-17 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-20935 | 2024-02-17 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-20937 | 2024-02-17 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows... |