CVE List - 2024 / February
Showing 2501 - 2600 of 2784 CVEs for February 2024 (Page 26 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-46995 | 2024-02-28 | can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe |
| CVE-2021-46996 | 2024-02-28 | netfilter: nftables: Fix a memleak from userdata error path in new objects |
| CVE-2021-46997 | 2024-02-28 | arm64: entry: always set GIC_PRIO_PSR_I_SET during entry |
| CVE-2021-46998 | 2024-02-28 | ethernet:enic: Fix a use after free bug in enic_hard_start_xmit |
| CVE-2021-46999 | 2024-02-28 | sctp: do asoc update earlier in sctp_sf_do_dupcook_a |
| CVE-2021-47000 | 2024-02-28 | ceph: fix inode leak on getattr error in __fh_to_dentry |
| CVE-2021-47001 | 2024-02-28 | xprtrdma: Fix cwnd update ordering |
| CVE-2021-47002 | 2024-02-28 | SUNRPC: Fix null pointer dereference in svc_rqst_free() |
| CVE-2021-47003 | 2024-02-28 | dmaengine: idxd: Fix potential null dereference on pointer status |
| CVE-2021-47004 | 2024-02-28 | f2fs: fix to avoid touching checkpointed data in get_victim() |
| CVE-2021-47005 | 2024-02-28 | PCI: endpoint: Fix NULL pointer dereference for ->get_features() |
| CVE-2021-47006 | 2024-02-28 | ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook |
| CVE-2021-47007 | 2024-02-28 | f2fs: fix panic during f2fs_resize_fs() |
| CVE-2021-47008 | 2024-02-28 | KVM: SVM: Make sure GHCB is mapped before updating |
| CVE-2021-47009 | 2024-02-28 | KEYS: trusted: Fix memory leak on object td |
| CVE-2021-47010 | 2024-02-28 | net: Only allow init netns to set default tcp cong to a restricted algo |
| CVE-2021-47011 | 2024-02-28 | mm: memcontrol: slab: fix obtain a reference to a freeing memcg |
| CVE-2021-47012 | 2024-02-28 | RDMA/siw: Fix a use after free in siw_alloc_mr |
| CVE-2021-47013 | 2024-02-28 | net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send |
| CVE-2021-47014 | 2024-02-28 | net/sched: act_ct: fix wild memory access when clearing fragments |
| CVE-2021-47015 | 2024-02-28 | bnxt_en: Fix RX consumer index logic in the error path. |
| CVE-2021-47017 | 2024-02-28 | ath10k: Fix a use after free in ath10k_htc_send_bundle |
| CVE-2021-47018 | 2024-02-28 | powerpc/64: Fix the definition of the fixmap area |
| CVE-2021-47019 | 2024-02-28 | mt76: mt7921: fix possible invalid register access |
| CVE-2021-47021 | 2024-02-28 | mt76: mt7915: fix memleak when mt7915_unregister_device() |
| CVE-2021-47022 | 2024-02-28 | mt76: mt7615: fix memleak when mt7615_unregister_device() |
| CVE-2021-47023 | 2024-02-28 | net: marvell: prestera: fix port event handling on init |
| CVE-2021-47024 | 2024-02-28 | vsock/virtio: free queued packets when closing socket |
| CVE-2021-47025 | 2024-02-28 | iommu/mediatek: Always enable the clk on resume |
| CVE-2021-47026 | 2024-02-28 | RDMA/rtrs-clt: destroy sysfs after removing session from active list |
| CVE-2021-47027 | 2024-02-28 | mt76: mt7921: fix kernel crash when the firmware fails to download |
| CVE-2021-47028 | 2024-02-28 | mt76: mt7915: fix txrate reporting |
| CVE-2021-47029 | 2024-02-28 | mt76: connac: fix kernel warning adding monitor interface |
| CVE-2021-47030 | 2024-02-28 | mt76: mt7615: fix memory leak in mt7615_coredump_work |
| CVE-2021-47031 | 2024-02-28 | mt76: mt7921: fix memory leak in mt7921_coredump_work |
| CVE-2021-47032 | 2024-02-28 | mt76: mt7915: fix tx skb dma unmap |
| CVE-2021-47033 | 2024-02-28 | mt76: mt7615: fix tx skb dma unmap |
| CVE-2021-47034 | 2024-02-28 | powerpc/64s: Fix pte update for kernel memory on radix |
| CVE-2021-47035 | 2024-02-28 | iommu/vt-d: Remove WO permissions on second-level paging entries |
| CVE-2021-47036 | 2024-02-28 | udp: skip L4 aggregation for UDP tunnel packets |
| CVE-2021-47037 | 2024-02-28 | ASoC: q6afe-clocks: fix reprobing of the driver |
| CVE-2021-47038 | 2024-02-28 | Bluetooth: avoid deadlock between hci_dev->lock and socket lock |
| CVE-2021-47039 | 2024-02-28 | ataflop: potential out of bounds in do_format() |
| CVE-2021-47040 | 2024-02-28 | io_uring: fix overflows checks in provide buffers |
| CVE-2021-47041 | 2024-02-28 | nvmet-tcp: fix incorrect locking in state_change sk callback |
| CVE-2021-47042 | 2024-02-28 | drm/amd/display: Free local data after use |
| CVE-2021-47043 | 2024-02-28 | media: venus: core: Fix some resource leaks in the error path of 'venus_probe()' |
| CVE-2021-47044 | 2024-02-28 | sched/fair: Fix shift-out-of-bounds in load_balance() |
| CVE-2021-47045 | 2024-02-28 | scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() |
| CVE-2021-47046 | 2024-02-28 | drm/amd/display: Fix off by one in hdmi_14_process_transaction() |
| CVE-2021-47047 | 2024-02-28 | spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails |
| CVE-2021-47048 | 2024-02-28 | spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op |
| CVE-2021-47049 | 2024-02-28 | Drivers: hv: vmbus: Use after free in __vmbus_open() |
| CVE-2021-47050 | 2024-02-28 | memory: renesas-rpc-if: fix possible NULL pointer dereference of resource |
| CVE-2021-47051 | 2024-02-28 | spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() |
| CVE-2021-47052 | 2024-02-28 | crypto: sa2ul - Fix memory leak of rxd |
| CVE-2021-47053 | 2024-02-28 | crypto: sun8i-ss - Fix memory leak of pad |
| CVE-2024-22459 | 2024-02-28 | Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this... |
| CVE-2024-1514 | 2024-02-28 | The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on... |
| CVE-2023-6922 | 2024-02-28 | The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can... |
| CVE-2024-0975 | 2024-02-28 | The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for... |
| CVE-2024-0680 | 2024-02-28 | The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting... |
| CVE-2024-0433 | 2024-02-28 | The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation... |
| CVE-2024-1791 | 2024-02-28 | The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization... |
| CVE-2024-0682 | 2024-02-28 | The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to... |
| CVE-2024-0768 | 2024-02-28 | The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or... |
| CVE-2024-0432 | 2024-02-28 | The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation... |
| CVE-2024-1566 | 2024-02-28 | The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1.... |
| CVE-2024-0431 | 2024-02-28 | The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation... |
| CVE-2024-1954 | 2024-02-28 | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due... |
| CVE-2024-0766 | 2024-02-28 | The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all... |
| CVE-2024-1516 | 2024-02-28 | The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including,... |
| CVE-2024-1368 | 2024-02-28 | The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including,... |
| CVE-2024-0786 | 2024-02-28 | The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function... |
| CVE-2024-0767 | 2024-02-28 | The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or... |
| CVE-2024-1136 | 2024-02-28 | The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all... |
| CVE-2024-1476 | 2024-02-28 | The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This... |
| CVE-2024-1860 | 2024-02-28 | The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... |
| CVE-2024-1719 | 2024-02-28 | The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7... |
| CVE-2024-1861 | 2024-02-28 | The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... |
| CVE-2024-27315 | 2024-02-28 | Apache Superset: Improper error handling on alerts |
| CVE-2024-24773 | 2024-02-28 | Apache Superset: Improper validation of SQL statements allows for unauthorized access to data |
| CVE-2024-24772 | 2024-02-28 | Apache Superset: Improper Neutralisation of custom SQL on embedded context |
| CVE-2024-24779 | 2024-02-28 | Apache Superset: Improper data authorization when creating a new dataset |
| CVE-2024-26016 | 2024-02-28 | Apache Superset: Improper authorization validation on dashboards and charts import |
| CVE-2024-1632 | 2024-02-28 | Incorrect access control in the Sitefinity backend |
| CVE-2024-1636 | 2024-02-28 | Potential Cross-Site Scripting (XSS) in the page editing area |
| CVE-2024-21885 | 2024-02-28 | Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent |
| CVE-2024-21886 | 2024-02-28 | Xorg-x11-server: heap buffer overflow in disabledevice |
| CVE-2024-1965 | 2024-02-28 | Server-Side Request Forgery Vulnerability in Haivision Products |
| CVE-2024-25927 | 2024-02-28 | WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection |
| CVE-2024-1808 | 2024-02-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due... |
| CVE-2024-25910 | 2024-02-28 | WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection |
| CVE-2024-25902 | 2024-02-28 | WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection |
| CVE-2024-24868 | 2024-02-28 | WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection |
| CVE-2024-25932 | 2024-02-28 | WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25931 | 2024-02-28 | WordPress Heureka Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25930 | 2024-02-28 | WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24708 | 2024-02-28 | WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-23807 | 2024-02-28 | Apache Xerces C++: Use-after-free on external DTD scan |