CVE List - 2024 / March
Showing 2601 - 2700 of 3299 CVEs for March 2024 (Page 27 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28335 | 2024-03-27 | Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser... |
| CVE-2024-28815 | 2024-03-27 | A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration,... |
| CVE-2023-39804 | 2024-03-27 | In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. |
| CVE-2023-45913 | 2024-03-27 | Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends a DRI2_BufferSwapComplete event unexpectedly when the application... |
| CVE-2023-45919 | 2024-03-27 | Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller... |
| CVE-2023-45920 | 2024-03-27 | Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run... |
| CVE-2023-45922 | 2024-03-27 | glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation... |
| CVE-2023-45924 | 2024-03-27 | libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require... |
| CVE-2023-45925 | 2024-03-27 | GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability... |
| CVE-2023-45927 | 2024-03-27 | S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). |
| CVE-2023-45931 | 2024-03-27 | Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was... |
| CVE-2023-45935 | 2024-03-27 | Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should... |
| CVE-2023-46046 | 2024-03-27 | An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case... |
| CVE-2023-46047 | 2024-03-27 | An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation... |
| CVE-2023-46048 | 2024-03-27 | TeX Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. |
| CVE-2023-46049 | 2024-03-27 | LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the... |
| CVE-2023-46051 | 2024-03-27 | TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. |
| CVE-2023-46052 | 2024-03-27 | Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code... |
| CVE-2024-24335 | 2024-03-27 | A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. |
| CVE-2024-25354 | 2024-03-27 | RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. |
| CVE-2024-25388 | 2024-03-27 | drivers/wlan/wlan_mgmt.c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. |
| CVE-2024-25389 | 2024-03-27 | RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c. |
| CVE-2024-25390 | 2024-03-27 | A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. |
| CVE-2024-25391 | 2024-03-27 | A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. |
| CVE-2024-25392 | 2024-03-27 | An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. |
| CVE-2024-25393 | 2024-03-27 | A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. |
| CVE-2024-25394 | 2024-03-27 | A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. |
| CVE-2024-25395 | 2024-03-27 | A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. |
| CVE-2024-25580 | 2024-03-27 | An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur... |
| CVE-2024-25734 | 2024-03-27 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier... |
| CVE-2024-25735 | 2024-03-27 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request. |
| CVE-2024-25736 | 2024-03-27 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request. |
| CVE-2024-28085 | 2024-03-27 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are... |
| CVE-2024-2932 | 2024-03-27 | SourceCodester Online Chatting System update_room.php sql injection |
| CVE-2024-2206 | 2024-03-27 | SSRF Vulnerability in gradio-app/gradio |
| CVE-2024-2934 | 2024-03-27 | SourceCodester Todo List in Kanban Board delete-todo.php sql injection |
| CVE-2024-2935 | 2024-03-27 | SourceCodester Todo List in Kanban Board Add ToDo cross site scripting |
| CVE-2024-2938 | 2024-03-27 | Campcodes Online Examination System updateCourse.php sql injection |
| CVE-2024-2939 | 2024-03-27 | Campcodes Online Examination System updateExaminee.php cross site scripting |
| CVE-2024-2244 | 2024-03-27 | REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations. |
| CVE-2024-2940 | 2024-03-27 | Campcodes Online Examination System updateCourse.php cross site scripting |
| CVE-2024-1531 | 2024-03-27 | A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log,... |
| CVE-2024-1532 | 2024-03-27 | A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if... |
| CVE-2024-2210 | 2024-03-27 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This... |
| CVE-2024-2139 | 2024-03-27 | The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient... |
| CVE-2024-2203 | 2024-03-27 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it... |
| CVE-2024-2941 | 2024-03-27 | Campcodes Online Examination System loginExe.php sql injection |
| CVE-2024-2942 | 2024-03-27 | Campcodes Online Examination System deleteQuestionExe.php sql injection |
| CVE-2024-0400 | 2024-03-27 | SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send... |
| CVE-2024-2097 | 2024-03-27 | An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the... |
| CVE-2024-2943 | 2024-03-27 | Campcodes Online Examination System deleteExamExe.php sql injection |
| CVE-2024-2944 | 2024-03-27 | Campcodes Online Examination System deleteCourseExe.php sql injection |
| CVE-2024-2945 | 2024-03-27 | Campcodes Online Examination System updateExaminee.php sql injection |
| CVE-2023-49815 | 2024-03-27 | WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability |
| CVE-2024-24842 | 2024-03-27 | WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 11.30.2 - PHP Object Injection vulnerability |
| CVE-2024-22311 | 2024-03-27 | WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-39306 | 2024-03-27 | WordPress Avada Builder plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25926 | 2024-03-27 | WordPress Widgets Controller plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-25920 | 2024-03-27 | WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-24800 | 2024-03-27 | WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-24700 | 2024-03-27 | WordPress WP Editor plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-22288 | 2024-03-27 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-22149 | 2024-03-27 | WordPress cformsII plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-52228 | 2024-03-27 | WordPress Beds24 Online Booking plugin <= 2.0.24 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-22300 | 2024-03-27 | WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-22299 | 2024-03-27 | WordPress FV Player plugin <= 7.5.41.7212 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30199 | 2024-03-27 | WordPress WP-Lister Lite for Amazon plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30201 | 2024-03-27 | WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30198 | 2024-03-27 | WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30197 | 2024-03-27 | WordPress Church Admin plugin <= 4.0.26 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27188 | 2024-03-27 | WordPress Breeze plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30196 | 2024-03-27 | WordPress Easy Social Share Buttons plugin <= 9.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30195 | 2024-03-27 | WordPress New RoyalSlider plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30194 | 2024-03-27 | WordPress Sunshine Photo Cart plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-1364 | 2024-03-27 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization... |
| CVE-2024-2781 | 2024-03-27 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input... |
| CVE-2024-2121 | 2024-03-27 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to... |
| CVE-2024-2120 | 2024-03-27 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up... |
| CVE-2024-1521 | 2024-03-27 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including,... |
| CVE-2024-2954 | 2024-03-27 | The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of... |
| CVE-2024-30193 | 2024-03-27 | WordPress Church Admin plugin <= 4.1.17 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30192 | 2024-03-27 | WordPress Pinterest Plugin <= 1.8.2 - Cross Site Scripting (XSS) |
| CVE-2024-29907 | 2024-03-27 | WordPress SEO Backlink Monitor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29906 | 2024-03-27 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29820 | 2024-03-27 | WordPress PDF Builder for WPForms plugin <= 1.2.88 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29908 | 2024-03-27 | WordPress Co-marquage service-public.fr plugin <= 0.5.71 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29909 | 2024-03-27 | WordPress Travelers' Map plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29910 | 2024-03-27 | WordPress Dropdown Multisite selector plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29911 | 2024-03-27 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29912 | 2024-03-27 | WordPress iCalendrier plugin <= 1.80 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29913 | 2024-03-27 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29914 | 2024-03-27 | WordPress Stratum – Elementor Widgets plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29915 | 2024-03-27 | WordPress Podlove Podcast Publisher plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29917 | 2024-03-27 | WordPress Compact WP Audio Player plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29918 | 2024-03-27 | WordPress Survey Maker plugin <= 4.0.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29919 | 2024-03-27 | WordPress Photo Gallery by Ays Plugin <= 5.5.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29920 | 2024-03-27 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29921 | 2024-03-27 | WordPress Photo Gallery by Supsystic plugin <= 1.15.16 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29922 | 2024-03-27 | WordPress Slider Hero plugin <= 8.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29923 | 2024-03-27 | WordPress PropertyHive plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |