CVE List - 2024 / February
Showing 1501 - 1600 of 2784 CVEs for February 2024 (Page 16 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20939 | 2024-02-17 | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-20941 | 2024-02-17 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2024-20943 | 2024-02-17 | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-20945 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-20947 | 2024-02-17 | Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-20949 | 2024-02-17 | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2024-20951 | 2024-02-17 | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2024-20953 | 2024-02-17 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-20956 | 2024-02-17 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows... |
| CVE-2024-20958 | 2024-02-17 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-20960 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low... |
| CVE-2024-20962 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low... |
| CVE-2024-20964 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability... |
| CVE-2024-20966 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20968 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged... |
| CVE-2024-20970 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20972 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20974 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20976 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20978 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20980 | 2024-02-17 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-20982 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20984 | 2024-02-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to... |
| CVE-2024-20986 | 2024-02-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-21496 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some... |
| CVE-2024-21492 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after... |
| CVE-2024-21497 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website... |
| CVE-2024-21498 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other... |
| CVE-2024-21499 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of... |
| CVE-2024-21500 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts... |
| CVE-2024-21494 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used... |
| CVE-2024-21495 | 2024-02-17 | Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search.... |
| CVE-2024-21493 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their... |
| CVE-2024-1512 | 2024-02-17 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route... |
| CVE-2024-0610 | 2024-02-17 | The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to... |
| CVE-2024-22335 | 2024-02-17 | IBM QRadar Suite information disclosure |
| CVE-2024-22336 | 2024-02-17 | IBM QRadar Suite information disclosure |
| CVE-2024-22337 | 2024-02-17 | IBM QRadar Suite information disclosure |
| CVE-2023-50951 | 2024-02-17 | IBM QRadar Suite information disclosure |
| CVE-2022-42443 | 2024-02-17 | Trusteer for mobile file upload |
| CVE-2022-41738 | 2024-02-17 | IBM Spectrum Scale security bypass |
| CVE-2022-41737 | 2024-02-17 | IBM Spectrum Scale security bypass |
| CVE-2023-52387 | 2024-02-18 | Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52097 | 2024-02-18 | Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52357 | 2024-02-18 | Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52358 | 2024-02-18 | Vulnerability of configuration defects in some APIs of the audio module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52360 | 2024-02-18 | Logic vulnerabilities in the baseband. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2023-52361 | 2024-02-18 | The VerifiedBoot module has a vulnerability that may cause authentication errors. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2023-52362 | 2024-02-18 | Permission management vulnerability in the lock screen module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52363 | 2024-02-18 | Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake. |
| CVE-2023-52365 | 2024-02-18 | Out-of-bounds read vulnerability in the smart activity recognition module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-52366 | 2024-02-18 | Out-of-bounds read vulnerability in the smart activity recognition module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-52367 | 2024-02-18 | Vulnerability of improper access control in the media library module. Successful exploitation of this vulnerability may affect service availability and integrity. |
| CVE-2023-52368 | 2024-02-18 | Input verification vulnerability in the account module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-52369 | 2024-02-18 | Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity. |
| CVE-2023-52370 | 2024-02-18 | Stack overflow vulnerability in the network acceleration module. Successful exploitation of this vulnerability may cause unauthorized file access. |
| CVE-2023-52371 | 2024-02-18 | Vulnerability of null references in the motor module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52372 | 2024-02-18 | Vulnerability of input parameter verification in the motor module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52373 | 2024-02-18 | Vulnerability of permission verification in the content sharing pop-up module. Successful exploitation of this vulnerability may cause unauthorized file sharing. |
| CVE-2023-52374 | 2024-02-18 | Permission control vulnerability in the package management module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52375 | 2024-02-18 | Permission control vulnerability in the WindowManagerServices module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52376 | 2024-02-18 | Information management vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52377 | 2024-02-18 | Vulnerability of input data not being verified in the cellular data module. Successful exploitation of this vulnerability may cause out-of-bounds access. |
| CVE-2023-52378 | 2024-02-18 | Vulnerability of incorrect service logic in the WindowManagerServices module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-52379 | 2024-02-18 | Permission control vulnerability in the calendarProvider module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52380 | 2024-02-18 | Vulnerability of improper access control in the email module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52381 | 2024-02-18 | Script injection vulnerability in the email module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
| CVE-2022-48621 | 2024-02-18 | Vulnerability of missing authentication for critical functions in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-6749 | 2024-02-18 | Unchecked user input length in the Zephyr Settings Shell |
| CVE-2023-6249 | 2024-02-18 | ipm: signed to unsigned conversion problem in esp32_ipm_send |
| CVE-2023-5779 | 2024-02-18 | can: out of bounds in remove_rx_filter function |
| CVE-2020-36774 | 2024-02-19 | plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash). |
| CVE-2022-48625 | 2024-02-19 | Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary. |
| CVE-2024-26327 | 2024-02-19 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF... |
| CVE-2024-26328 | 2024-02-19 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. |
| CVE-2022-48624 | 2024-02-19 | close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. |
| CVE-2024-24722 | 2024-02-19 | An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d... |
| CVE-2024-26318 | 2024-02-19 | Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. |
| CVE-2024-26308 | 2024-02-19 | Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file |
| CVE-2024-25710 | 2024-02-19 | Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file |
| CVE-2024-1580 | 2024-02-19 | Integer overflow in VideoLAN dav1d |
| CVE-2024-1343 | 2024-02-19 | Weak permission vulnerability in LaborOfficeFree |
| CVE-2024-1344 | 2024-02-19 | Encrypted database credentials in LaborOfficeFree |
| CVE-2024-1345 | 2024-02-19 | Weak MySQL database root password in LaborOfficeFree |
| CVE-2024-1346 | 2024-02-19 | Weak MySQL database root password in LaborOfficeFree |
| CVE-2024-1597 | 2024-02-19 | pgjdbc SQL Injection via line comment generation |
| CVE-2024-25623 | 2024-02-19 | Lack of media type verification of Activity Streams objects allows impersonation of remote accounts |
| CVE-2024-25625 | 2024-02-19 | Pimcore Host Header Injection in user invitation link |
| CVE-2024-25978 | 2024-02-19 | MSA-24-0001: Denial of service risk in file picker unzip functionality |
| CVE-2024-25979 | 2024-02-19 | MSA-24-0002: Forum search accepted random parameters in its URL |
| CVE-2024-25980 | 2024-02-19 | MSA-24-0003: H5P attempts report did not respect activity group settings |
| CVE-2024-25981 | 2024-02-19 | MSA-24-0004: Forum export did not respect activity group settings |
| CVE-2024-25982 | 2024-02-19 | MSA-24-0005: CSRF risk in language import utility |
| CVE-2024-25983 | 2024-02-19 | MSA-24-0006: IDOR on dashboard comments block |
| CVE-2024-1633 | 2024-02-19 | FIP Header Integer Overflow |
| CVE-2023-50257 | 2024-02-19 | Disconnect Vulnerability in RTPS Packets Used by SROS2 |
| CVE-2024-25626 | 2024-02-19 | Yocto Project Security Advisory - BitBake/Toaster |
| CVE-2024-25636 | 2024-02-19 | Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts |
| CVE-2024-25635 | 2024-02-19 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS |
| CVE-2024-25634 | 2024-02-19 | IDOR make user can read e-mail log sent by other events |