CVE List - 2024 / March
Showing 1401 - 1500 of 3299 CVEs for March 2024 (Page 15 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2489 | 2024-03-15 | Tenda AC18 SetNetControlList formSetQosBand stack-based overflow |
| CVE-2024-24975 | 2024-03-15 | Denial of Service for mobile app users due to automatic code highlighting |
| CVE-2024-28053 | 2024-03-15 | Resource Exhaustion via the Invitation Feature |
| CVE-2024-2446 | 2024-03-15 | Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to... |
| CVE-2024-2450 | 2024-03-15 | Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an... |
| CVE-2024-2445 | 2024-03-15 | Reflected XSS in Mattermost Jira plugin |
| CVE-2024-2490 | 2024-03-15 | Tenda AC18 openSchedWifi setSchedWifi stack-based overflow |
| CVE-2024-23944 | 2024-03-15 | Apache ZooKeeper: Information disclosure in persistent watcher handling |
| CVE-2024-27987 | 2024-03-15 | WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-28752 | 2024-03-15 | Apache CXF SSRF Vulnerability using the Aegis databinding |
| CVE-2023-6725 | 2024-03-15 | Tripleo-ansible: bind keys are world readable |
| CVE-2024-27192 | 2024-03-15 | WordPress Configure SMTP Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-27196 | 2024-03-15 | WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27193 | 2024-03-15 | WordPress PayU India plugin <= 3.8.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27189 | 2024-03-15 | WordPress WP Social Widget plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25936 | 2024-03-15 | WordPress SoundCloud Shortcode plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25934 | 2024-03-15 | WordPress FormFacade plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25921 | 2024-03-15 | WordPress Action Network plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25919 | 2024-03-15 | WordPress Custom Field Template plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25916 | 2024-03-15 | WordPress My Calendar plugin <= 3.4.23 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-2495 | 2024-03-15 | Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt |
| CVE-2024-25598 | 2024-03-15 | WordPress Elementor Addons by Livemesh plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25592 | 2024-03-15 | WordPress Broken Link Checker plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25593 | 2024-03-15 | WordPress NEX-Forms plugin <= 8.5.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25596 | 2024-03-15 | WordPress Doofinder for WooCommerce plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25597 | 2024-03-15 | WordPress Ultimate Reviews plugin <= 3.2.8 - Unauthenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2023-50861 | 2024-03-15 | WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51525 | 2024-03-15 | WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-50886 | 2024-03-15 | WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability |
| CVE-2023-50898 | 2024-03-15 | WordPress Image Optimizer, Resizer and CDN – Sirv plugin <= 7.1.2 - Broken Access Control vulnerability |
| CVE-2023-51369 | 2024-03-15 | WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51522 | 2024-03-15 | WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-46182 | 2024-03-15 | IBM Secure Proxy cross-site scripting |
| CVE-2023-47162 | 2024-03-15 | IBM Secure Proxy cross-site scripting |
| CVE-2023-46179 | 2024-03-15 | IBM Secure Proxy information disclosure |
| CVE-2023-47147 | 2024-03-15 | IBM Secure Proxy file manipulation |
| CVE-2023-47699 | 2024-03-15 | IBM Secure Proxy cross-site scripting |
| CVE-2023-46181 | 2024-03-15 | IBM Secure Proxy information disclosure |
| CVE-2021-38938 | 2024-03-15 | IBM Host Access Transformation Services information disclosure |
| CVE-2024-2497 | 2024-03-15 | RaspAP raspap-webgui HTTP POST Request provider.php code injection |
| CVE-2023-7017 | 2024-03-15 | CVE-2023-7017 |
| CVE-2023-7009 | 2024-03-15 | CVE-2023-7009 |
| CVE-2023-7004 | 2024-03-15 | CVE-2023-7004 |
| CVE-2023-7006 | 2024-03-15 | CVE-2023-7006 |
| CVE-2023-7007 | 2024-03-15 | CVE-2023-7007 |
| CVE-2023-7003 | 2024-03-15 | CVE-2023-7003 |
| CVE-2023-6960 | 2024-03-15 | CVE-2023-6960 |
| CVE-2024-2537 | 2024-03-15 | Electron Code Injection in Logi Tune macOS Application |
| CVE-2024-2193 | 2024-03-15 | Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace. |
| CVE-2023-7060 | 2024-03-15 | Missing Security Control in Zephyr OS IP Packet Handling |
| CVE-2024-28854 | 2024-03-15 | Slow loris vulnerability with default configuration in tls-listener |
| CVE-2024-28851 | 2024-03-15 | Elevation of privilege in Snowflake Hive MetaStore Connector Helper script |
| CVE-2024-28252 | 2024-03-15 | CoreWCF NetFraming based services can leave connections open when they should be closed |
| CVE-2023-51699 | 2024-03-15 | OS Command Injection for Fluid Users with JuicefsRuntime |
| CVE-2024-24827 | 2024-03-15 | No rate limits on POST /uploads endpoint in Discourse |
| CVE-2024-24748 | 2024-03-15 | Disclosure of the existence of secret subcategories in Discourse |
| CVE-2024-28242 | 2024-03-15 | Disclosure of the existence of secret categories with custom backgrounds in Discourse |
| CVE-2024-27100 | 2024-03-15 | Denial of service via Staff Actions in Discourse |
| CVE-2024-27085 | 2024-03-15 | Denial of service through invites in Discourse |
| CVE-2024-27920 | 2024-03-15 | Unsigned code template execution through workflows in projectdiscovery/nuclei |
| CVE-2023-7248 | 2024-03-15 | OpenText Vertica Management console might be prone to bypass via crafted requests |
| CVE-2024-28253 | 2024-03-15 | SpEL Injection in `PUT /api/v1/policies` in OpenMetadata |
| CVE-2024-28254 | 2024-03-15 | SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata |
| CVE-2024-28847 | 2024-03-15 | SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata |
| CVE-2024-28255 | 2024-03-15 | Authentication Bypass in OpenMetadata |
| CVE-2024-28848 | 2024-03-15 | SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata |
| CVE-2021-47109 | 2024-03-15 | neighbour: allow NUD_NOARP entries to be forced GCed |
| CVE-2021-47110 | 2024-03-15 | x86/kvm: Disable kvmclock on all CPUs on shutdown |
| CVE-2021-47111 | 2024-03-15 | xen-netback: take a reference to the RX task thread |
| CVE-2021-47112 | 2024-03-15 | x86/kvm: Teardown PV features on boot CPU as well |
| CVE-2021-47113 | 2024-03-15 | btrfs: abort in rename_exchange if we fail to insert the second ref |
| CVE-2021-47114 | 2024-03-15 | ocfs2: fix data corruption by fallocate |
| CVE-2021-47116 | 2024-03-15 | ext4: fix memory leak in ext4_mb_init_backend on error path. |
| CVE-2021-47117 | 2024-03-15 | ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed |
| CVE-2021-47118 | 2024-03-15 | pid: take a reference when initializing `cad_pid` |
| CVE-2021-47119 | 2024-03-15 | ext4: fix memory leak in ext4_fill_super |
| CVE-2021-47120 | 2024-03-15 | HID: magicmouse: fix NULL-deref on disconnect |
| CVE-2021-47121 | 2024-03-15 | net: caif: fix memory leak in cfusbl_device_notify |
| CVE-2021-47122 | 2024-03-15 | net: caif: fix memory leak in caif_device_notify |
| CVE-2021-47123 | 2024-03-15 | io_uring: fix ltout double free on completion race |
| CVE-2021-47124 | 2024-03-15 | io_uring: fix link timeout refs |
| CVE-2021-47125 | 2024-03-15 | sch_htb: fix refcount leak in htb_parent_to_leaf_offload |
| CVE-2021-47126 | 2024-03-15 | ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions |
| CVE-2021-47127 | 2024-03-15 | ice: track AF_XDP ZC enabled queues in bitmap |
| CVE-2021-47128 | 2024-03-15 | bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks |
| CVE-2021-47129 | 2024-03-15 | netfilter: nft_ct: skip expectations for confirmed conntrack |
| CVE-2021-47130 | 2024-03-15 | nvmet: fix freeing unallocated p2pmem |
| CVE-2021-47131 | 2024-03-15 | net/tls: Fix use-after-free after the TLS device goes down and up |
| CVE-2021-47132 | 2024-03-15 | mptcp: fix sk_forward_memory corruption on retransmission |
| CVE-2021-47133 | 2024-03-15 | HID: amd_sfh: Fix memory leak in amd_sfh_work |
| CVE-2021-47134 | 2024-03-15 | efi/fdt: fix panic when no valid fdt found |
| CVE-2021-47135 | 2024-03-15 | mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report |
| CVE-2024-23298 | 2024-03-15 | A logic issue was addressed with improved state management. |
| CVE-2024-2514 | 2024-03-15 | MAGESH-K21 Online-College-Event-Hall-Reservation-System login.php sql injection |
| CVE-2024-28859 | 2024-03-15 | Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency |
| CVE-2024-28862 | 2024-03-15 | ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. |
| CVE-2023-36483 | 2024-03-16 | MAS (a Carrier brand) MASmobile Classic Authorization Bypass |
| CVE-2024-22513 | 2024-03-16 | djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks... |
| CVE-2024-24156 | 2024-03-16 | Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter. |
| CVE-2024-28640 | 2024-03-16 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. |