CVE List - 2024 / February
Showing 501 - 600 of 2784 CVEs for February 2024 (Page 6 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-33077 | 2024-02-06 | Buffer Copy Without Checking Size of Input in HLOS |
| CVE-2023-43513 | 2024-02-06 | Use of Out-of-range Pointer Offset in PCIe |
| CVE-2023-43516 | 2024-02-06 | Use of out-of-range pointer offset in Video |
| CVE-2023-43517 | 2024-02-06 | Improper Access Control in Automotive Multimedia |
| CVE-2023-43518 | 2024-02-06 | Untrusted Pointer Dereference in Video |
| CVE-2023-43519 | 2024-02-06 | Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Video |
| CVE-2023-43520 | 2024-02-06 | Stack-based Buffer Overflow in WLAN HOST |
| CVE-2023-43522 | 2024-02-06 | NULL Pointer Dereference in WLAN Firmware |
| CVE-2023-43523 | 2024-02-06 | Reachable Assertion in WLAN Firmware |
| CVE-2023-43532 | 2024-02-06 | Untrusted Pointer Dereference in Display |
| CVE-2023-43533 | 2024-02-06 | Buffer Over-read in WLAN Firmware |
| CVE-2023-43534 | 2024-02-06 | Use of Out-of-range Pointer Offset in WLAN HOST |
| CVE-2023-43535 | 2024-02-06 | Improper Validation of Array Index in Display |
| CVE-2023-43536 | 2024-02-06 | Buffer Over-read in WLAN Firmware |
| CVE-2023-25543 | 2024-02-06 | Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges... |
| CVE-2023-28049 | 2024-02-06 | Dell Command \| Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary... |
| CVE-2023-28063 | 2024-02-06 | Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2023-32451 | 2024-02-06 | Dell Display Manager application, version 2.1.1.17, contains a vulnerability that allows a low-privilege user to execute malicious code during installation and uninstallation |
| CVE-2023-32474 | 2024-02-06 | Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary... |
| CVE-2023-32454 | 2024-02-06 | DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial... |
| CVE-2023-32479 | 2024-02-06 | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A... |
| CVE-2024-0684 | 2024-02-06 | Coreutils: heap overflow in split --line-bytes with very long lines |
| CVE-2023-4503 | 2024-02-06 | Eap-galleon: custom provisioning creates unsecured http-invoker |
| CVE-2024-24936 | 2024-02-06 | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed |
| CVE-2024-24937 | 2024-02-06 | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible |
| CVE-2024-24938 | 2024-02-06 | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation |
| CVE-2024-24939 | 2024-02-06 | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible |
| CVE-2024-24940 | 2024-02-06 | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives |
| CVE-2024-24941 | 2024-02-06 | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL |
| CVE-2024-24942 | 2024-02-06 | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives |
| CVE-2024-23917 | 2024-02-06 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible |
| CVE-2024-24943 | 2024-02-06 | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image |
| CVE-2024-23673 | 2024-02-06 | Apache Sling Servlets Resolver: Malicious code execution via path traversal |
| CVE-2024-0690 | 2024-02-06 | Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration |
| CVE-2024-0911 | 2024-02-06 | Indent: heap-based buffer overflow in set_buf_break() |
| CVE-2024-24590 | 2024-02-06 | Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on... |
| CVE-2024-24591 | 2024-02-06 | A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to... |
| CVE-2024-24592 | 2024-02-06 | Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. |
| CVE-2024-24593 | 2024-02-06 | A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user... |
| CVE-2024-24594 | 2024-02-06 | A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user... |
| CVE-2024-23344 | 2024-02-06 | Tuleap's content of artifacts might be readable by unauthorized users |
| CVE-2023-50395 | 2024-02-06 | SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-1251 | 2024-02-06 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-35188 | 2024-02-06 | SQL Injection Remote Code Execution Vulnerability |
| CVE-2023-46183 | 2024-02-06 | IBM PowerVM Hypervisor information disclosure |
| CVE-2024-22331 | 2024-02-06 | IBM UrbanCode Deploy information disclosure |
| CVE-2023-47618 | 2024-02-06 | A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead... |
| CVE-2023-47617 | 2024-02-06 | A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can... |
| CVE-2023-46683 | 2024-02-06 | A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can... |
| CVE-2023-42664 | 2024-02-06 | A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request... |
| CVE-2023-47167 | 2024-02-06 | A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead... |
| CVE-2023-47209 | 2024-02-06 | A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead... |
| CVE-2023-36498 | 2024-02-06 | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to... |
| CVE-2023-43482 | 2024-02-06 | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary... |
| CVE-2024-1252 | 2024-02-06 | Tongda OA 2017 delete.php sql injection |
| CVE-2024-1253 | 2024-02-06 | Byzoro Smart S40 Management Platform Import web.php unrestricted upload |
| CVE-2023-40545 | 2024-02-06 | PingFederate OAuth client_secret_jwt Authentication Bypass |
| CVE-2024-1048 | 2024-02-06 | Grub2: grub2-set-bootflag can be abused by local (pseudo-)users |
| CVE-2024-1254 | 2024-02-06 | Byzoro Smart S20 Management Platform sysmanageajax.php sql injection |
| CVE-2024-1255 | 2024-02-06 | sepidz SepidzDigitalMenu Waiters information disclosure |
| CVE-2024-1256 | 2024-02-06 | Jspxcms filter_text.do cross site scripting |
| CVE-2024-22237 | 2024-02-06 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root... |
| CVE-2024-22238 | 2024-02-06 | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper... |
| CVE-2024-22239 | 2024-02-06 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular... |
| CVE-2024-22240 | 2024-02-06 | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. |
| CVE-2024-22241 | 2024-02-06 | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. |
| CVE-2024-1257 | 2024-02-06 | Jspxcms find_text.do cross site scripting |
| CVE-2024-1258 | 2024-02-06 | Juanpao JPShop API params.php hard-coded key |
| CVE-2024-1259 | 2024-02-06 | Juanpao JPShop API AppController.php unrestricted upload |
| CVE-2023-38579 | 2024-02-06 | Westermo Lynx 206-F2G Cross-Site Request Forgery |
| CVE-2023-45227 | 2024-02-06 | Westermo Lynx Cross-site Scripting |
| CVE-2023-40544 | 2024-02-06 | Westermo Lynx Cleartext Transmission of Sensitive Information |
| CVE-2024-24575 | 2024-02-06 | libgit2 is vulnerable to a denial of service attack in `git_revparse_single` |
| CVE-2024-1260 | 2024-02-06 | Juanpao JPShop API ComboController.php actionIndex unrestricted upload |
| CVE-2023-42765 | 2024-02-06 | Westermo Lynx Cross-site Scripting |
| CVE-2024-24577 | 2024-02-06 | libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add` |
| CVE-2023-45213 | 2024-02-06 | Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains |
| CVE-2023-45222 | 2024-02-06 | Westermo Lynx Cross-site Scripting |
| CVE-2023-45735 | 2024-02-06 | Westermo Lynx Code Injection |
| CVE-2023-40143 | 2024-02-06 | Westermo Lynx |
| CVE-2024-1261 | 2024-02-06 | Juanpao JPShop API ComboController.php actionIndex unrestricted upload |
| CVE-2024-1262 | 2024-02-06 | Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload |
| CVE-2024-1263 | 2024-02-06 | Juanpao JPShop API PosterController.php actionUpdate unrestricted upload |
| CVE-2024-22388 | 2024-02-06 | Insecure Default Initialization of Resource in HID Global |
| CVE-2024-1284 | 2024-02-06 | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-1283 | 2024-02-06 | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-1264 | 2024-02-06 | Juanpao JPShop UploadsController.php actionUpdate unrestricted upload |
| CVE-2024-0955 | 2024-02-06 | Stored XSS vulnerability |
| CVE-2024-0971 | 2024-02-06 | A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. |
| CVE-2023-46914 | 2024-02-07 | SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. |
| CVE-2024-24130 | 2024-02-07 | Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. |
| CVE-2024-24133 | 2024-02-07 | Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. |
| CVE-2024-24303 | 2024-02-07 | SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. |
| CVE-2023-38995 | 2024-02-07 | An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command. |
| CVE-2023-40355 | 2024-02-07 | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via... |
| CVE-2024-23769 | 2024-02-07 | Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. |
| CVE-2024-24019 | 2024-02-07 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list |
| CVE-2024-24131 | 2024-02-07 | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. |
| CVE-2024-24186 | 2024-02-07 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. |
| CVE-2024-24188 | 2024-02-07 | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. |