CVE List - 2024 / February
Showing 2201 - 2300 of 2784 CVEs for February 2024 (Page 23 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-27456 | 2024-02-26 | rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. |
| CVE-2023-49960 | 2024-02-26 | In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter... |
| CVE-2024-24402 | 2024-02-26 | An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. |
| CVE-2024-24721 | 2024-02-26 | An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access... |
| CVE-2024-25081 | 2024-02-26 | Splinefont in FontForge through 20230101 allows command injection via crafted filenames. |
| CVE-2024-25082 | 2024-02-26 | Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. |
| CVE-2024-25248 | 2024-02-26 | SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter. |
| CVE-2024-26462 | 2024-02-26 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. |
| CVE-2024-1876 | 2024-02-26 | SourceCodester Employee Management System psubmit.php sql injection |
| CVE-2024-1877 | 2024-02-26 | SourceCodester Employee Management System cancel.php sql injection |
| CVE-2024-1878 | 2024-02-26 | SourceCodester Employee Management System myprofile.php sql injection |
| CVE-2024-1735 | 2024-02-26 | A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version... |
| CVE-2024-1885 | 2024-02-26 | Remote Code Execution attack on LG Signage |
| CVE-2024-1886 | 2024-02-26 | Absolute path traversal attack on LG Signage |
| CVE-2024-22371 | 2024-02-26 | Apache Camel issue on ExchangeCreatedEvent |
| CVE-2023-49114 | 2024-02-26 | Local Privilege Escalation via DLL Hijacking |
| CVE-2024-0387 | 2024-02-26 | EDS-4000/G4000 Series IP Forwarding Vulnerability |
| CVE-2024-1622 | 2024-02-26 | Routinator terminates when RTR connection is reset too quickly after opening |
| CVE-2024-1889 | 2024-02-26 | Cross-Site Request Forgery vulnerability in SMA Cluster Controller |
| CVE-2024-1890 | 2024-02-26 | Clickjacking vulnerability in Sunny Webbox |
| CVE-2024-26606 | 2024-02-26 | binder: signal epoll threads of self-work |
| CVE-2024-25925 | 2024-02-26 | WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload |
| CVE-2024-25913 | 2024-02-26 | WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload |
| CVE-2024-25909 | 2024-02-26 | WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload |
| CVE-2024-23835 | 2024-02-26 | Suricata's pgsql: memory exhaustion use on record parsing |
| CVE-2024-24714 | 2024-02-26 | WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload |
| CVE-2024-23836 | 2024-02-26 | crafted traffic can cause denial of service |
| CVE-2024-23839 | 2024-02-26 | Suricata http: heap use after free with http.request_header and http.response_header keywords |
| CVE-2024-24568 | 2024-02-26 | Suricata http2: header handling evasion |
| CVE-2024-1436 | 2024-02-26 | WordPress WooCommerce Coupon Popup, SmartBar, Slide In \| MyShopKit Plugin <= 1.0.9 is vulnerable to Sensitive Data Exposure |
| CVE-2024-23605 | 2024-02-26 | A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide... |
| CVE-2024-21836 | 2024-02-26 | A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide... |
| CVE-2024-21802 | 2024-02-26 | A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide... |
| CVE-2024-23496 | 2024-02-26 | A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide... |
| CVE-2024-21825 | 2024-02-26 | A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can... |
| CVE-2024-22201 | 2024-02-26 | Jetty connection leaking on idle timeout when TCP congested |
| CVE-2024-23837 | 2024-02-26 | LibHTP unbounded folded header handling leads to denial of service |
| CVE-2024-27081 | 2024-02-26 | ESPHome remote code execution via arbitrary file write |
| CVE-2024-27087 | 2024-02-26 | Kirby cross-site scripting (XSS) in the link field "Custom" type |
| CVE-2024-27088 | 2024-02-26 | es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` |
| CVE-2019-25160 | 2024-02-26 | netlabel: fix out-of-bounds memory accesses |
| CVE-2019-25162 | 2024-02-26 | i2c: Fix a potential use after free |
| CVE-2020-36775 | 2024-02-26 | f2fs: fix to avoid potential deadlock |
| CVE-2021-46906 | 2024-02-26 | HID: usbhid: fix info leak in hid_submit_ctrl |
| CVE-2023-52474 | 2024-02-26 | IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests |
| CVE-2024-1899 | 2024-02-26 | Showdownjs Denial of Service |
| CVE-2024-27092 | 2024-02-26 | Content spoofing - real Hoppscotch emails |
| CVE-2024-26149 | 2024-02-26 | Vyper _abi_decode Memory Overflow |
| CVE-2024-24564 | 2024-02-26 | Vyper extract32 can read dirty memory |
| CVE-2024-27093 | 2024-02-26 | Minder trusts client-provided mapping from repo name to upstream ID |
| CVE-2023-41506 | 2024-02-27 | An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-22543 | 2024-02-27 | An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings... |
| CVE-2024-22544 | 2024-02-27 | An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. |
| CVE-2024-22917 | 2024-02-27 | SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script. |
| CVE-2024-24027 | 2024-02-27 | SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists. |
| CVE-2024-24095 | 2024-02-27 | Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection. |
| CVE-2024-24096 | 2024-02-27 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN. |
| CVE-2024-24099 | 2024-02-27 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update. |
| CVE-2024-24323 | 2024-02-27 | SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component. |
| CVE-2024-25166 | 2024-02-27 | Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. |
| CVE-2024-25398 | 2024-02-27 | In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service. |
| CVE-2024-25399 | 2024-02-27 | Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php. |
| CVE-2024-25723 | 2024-02-27 | ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid... |
| CVE-2024-25840 | 2024-02-27 | In the module "Account Manager \| Sales Representative & Dealers \| CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by... |
| CVE-2024-25841 | 2024-02-27 | In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection. |
| CVE-2024-25843 | 2024-02-27 | In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions. |
| CVE-2024-25846 | 2024-02-27 | In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. |
| CVE-2024-26470 | 2024-02-27 | A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. |
| CVE-2024-26471 | 2024-02-27 | A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. |
| CVE-2024-26472 | 2024-02-27 | KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by... |
| CVE-2024-26473 | 2024-02-27 | A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php. |
| CVE-2024-26542 | 2024-02-27 | Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name... |
| CVE-2024-27508 | 2024-02-27 | Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. |
| CVE-2024-24100 | 2024-02-27 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID. |
| CVE-2024-24720 | 2024-02-27 | An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system. |
| CVE-2024-25400 | 2024-02-27 | Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that... |
| CVE-2024-27356 | 2024-02-27 | An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5,... |
| CVE-2024-27507 | 2024-02-27 | libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp. |
| CVE-2023-7033 | 2024-02-27 | Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE... |
| CVE-2024-1323 | 2024-02-27 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30... |
| CVE-2024-0759 | 2024-02-27 | Collection of internally resolving IPs |
| CVE-2024-1686 | 2024-02-27 | The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the... |
| CVE-2024-1687 | 2024-02-27 | The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content()... |
| CVE-2024-1698 | 2024-02-27 | The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all... |
| CVE-2021-46908 | 2024-02-27 | bpf: Use correct permission flag for mixed signed bounds arithmetic |
| CVE-2021-46909 | 2024-02-27 | ARM: footbridge: fix PCI interrupt mapping |
| CVE-2021-46910 | 2024-02-27 | ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled |
| CVE-2021-46911 | 2024-02-27 | ch_ktls: Fix kernel panic |
| CVE-2021-46912 | 2024-02-27 | net: Make tcp_allowed_congestion_control readonly in non-init netns |
| CVE-2021-46913 | 2024-02-27 | netfilter: nftables: clone set element expression template |
| CVE-2021-46914 | 2024-02-27 | ixgbe: fix unbalanced device enable/disable in suspend/resume |
| CVE-2021-46915 | 2024-02-27 | netfilter: nft_limit: avoid possible divide error in nft_limit_init |
| CVE-2021-46916 | 2024-02-27 | ixgbe: Fix NULL pointer dereference in ethtool loopback test |
| CVE-2021-46917 | 2024-02-27 | dmaengine: idxd: fix wq cleanup of WQCFG registers |
| CVE-2021-46918 | 2024-02-27 | dmaengine: idxd: clear MSIX permission entry on shutdown |
| CVE-2021-46919 | 2024-02-27 | dmaengine: idxd: fix wq size store permission state |
| CVE-2021-46920 | 2024-02-27 | dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback |
| CVE-2023-50379 | 2024-02-27 | Apache Ambari: authenticated users could perform command injection to perform RCE |
| CVE-2023-7202 | 2024-02-27 | Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending |
| CVE-2023-7167 | 2024-02-27 | Persian Fonts <= 1.6 - Admin+ Stored XSS |