CVE List - 2024 / March
Showing 2801 - 2900 of 3299 CVEs for March 2024 (Page 29 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2979 | 2024-03-27 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow |
| CVE-2024-2980 | 2024-03-27 | Tenda FH1202 execCommand formexeCommand stack-based overflow |
| CVE-2024-2981 | 2024-03-27 | Tenda FH1202 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow |
| CVE-2024-2982 | 2024-03-27 | Tenda FH1202 WriteFacMac formWriteFacMac command injection |
| CVE-2024-1540 | 2024-03-27 | Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow |
| CVE-2024-2983 | 2024-03-27 | Tenda FH1202 SetClientState formSetClientState stack-based overflow |
| CVE-2024-2984 | 2024-03-27 | Tenda FH1202 setcfm formSetCfm stack-based overflow |
| CVE-2024-29946 | 2024-03-27 | Risky command safeguards bypass in Dashboard Examples Hub |
| CVE-2024-29945 | 2024-03-27 | Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise |
| CVE-2024-2985 | 2024-03-27 | Tenda FH1202 QuickIndex formQuickIndex stack-based overflow |
| CVE-2024-2986 | 2024-03-27 | Tenda FH1202 SetSpeedWan formSetSpeedWan stack-based overflow |
| CVE-2024-20333 | 2024-03-27 | A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an... |
| CVE-2024-20354 | 2024-03-27 | A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition... |
| CVE-2024-20316 | 2024-03-27 | A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a... |
| CVE-2024-20311 | 2024-03-27 | A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device... |
| CVE-2024-20276 | 2024-03-27 | A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due... |
| CVE-2024-20259 | 2024-03-27 | A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial... |
| CVE-2024-20324 | 2024-03-27 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper... |
| CVE-2024-20312 | 2024-03-27 | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service... |
| CVE-2024-20314 | 2024-03-27 | A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop... |
| CVE-2024-20306 | 2024-03-27 | A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying... |
| CVE-2024-20278 | 2024-03-27 | A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due... |
| CVE-2024-2987 | 2024-03-27 | Tenda FH1202 GetParentControlInfo stack-based overflow |
| CVE-2024-20303 | 2024-03-27 | A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of... |
| CVE-2024-20309 | 2024-03-27 | A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This... |
| CVE-2024-23450 | 2024-03-27 | Elasticsearch Uncontrolled Resource Consumption vulnerability |
| CVE-2024-20265 | 2024-03-27 | A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image... |
| CVE-2024-20271 | 2024-03-27 | A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected... |
| CVE-2023-0582 | 2024-03-27 | Path Traversal in ForgeRock Access Management |
| CVE-2024-20308 | 2024-03-27 | A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an... |
| CVE-2024-20307 | 2024-03-27 | A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an... |
| CVE-2024-2988 | 2024-03-27 | Tenda FH1203 fromRouteStatic fromSetRouteStatic stack-based overflow |
| CVE-2024-2989 | 2024-03-27 | Tenda FH1203 NatStaticSetting fromNatStaticSetting stack-based overflow |
| CVE-2024-23451 | 2024-03-27 | Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model |
| CVE-2024-28233 | 2024-03-27 | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing |
| CVE-2024-28247 | 2024-03-27 | Pihole Authenticated Arbitrary File Read with root privileges |
| CVE-2024-2990 | 2024-03-27 | Tenda FH1203 execCommand formexeCommand stack-based overflow |
| CVE-2024-2991 | 2024-03-27 | Tenda FH1203 WriteFacMac formWriteFacMac command injection |
| CVE-2024-28860 | 2024-03-27 | Insecure IPsec transport encryption in Cilium |
| CVE-2024-29886 | 2024-03-27 | Improved security for stored password hashes |
| CVE-2024-29887 | 2024-03-27 | Serverpod client accepts any certificate |
| CVE-2024-29888 | 2024-03-27 | Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method |
| CVE-2024-2992 | 2024-03-27 | Tenda FH1203 setcfm formSetCfm stack-based overflow |
| CVE-2024-29891 | 2024-03-27 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass |
| CVE-2024-2993 | 2024-03-27 | Tenda FH1203 QuickIndex formQuickIndex stack-based overflow |
| CVE-2024-2994 | 2024-03-27 | Tenda FH1203 GetParentControlInfo stack-based overflow |
| CVE-2024-29892 | 2024-03-27 | ZITADEL's actions can overload reserved claims |
| CVE-2024-2995 | 2024-03-27 | NUUO Camera deletefile.php denial of service |
| CVE-2024-2996 | 2024-03-27 | Bdtask Multi-Store Inventory Management System Page Title cross site scripting |
| CVE-2024-2997 | 2024-03-27 | Bdtask Multi-Store Inventory Management System cross site scripting |
| CVE-2024-2998 | 2024-03-27 | Bdtask Multi-Store Inventory Management System Store Update Page cross site scripting |
| CVE-2024-2999 | 2024-03-27 | Campcodes Online Art Gallery Management System adminHome.php sql injection |
| CVE-2024-3000 | 2024-03-27 | code-projects Online Book System index.php sql injection |
| CVE-2024-3001 | 2024-03-27 | code-projects Online Book System Product.php sql injection |
| CVE-2024-0071 | 2024-03-27 | CVE |
| CVE-2024-0073 | 2024-03-27 | CVE |
| CVE-2024-0074 | 2024-03-27 | CVE |
| CVE-2024-0078 | 2024-03-27 | CVE |
| CVE-2024-0075 | 2024-03-27 | CVE |
| CVE-2024-0077 | 2024-03-27 | CVE |
| CVE-2024-0079 | 2024-03-27 | CVE |
| CVE-2024-3002 | 2024-03-27 | code-projects Online Book System description.php sql injection |
| CVE-2024-3003 | 2024-03-27 | code-projects Online Book System cart.php sql injection |
| CVE-2024-3004 | 2024-03-27 | code-projects Online Book System Product.php cross site scripting |
| CVE-2024-3006 | 2024-03-27 | Tenda FH1205 fromRouteStatic fromSetRouteStatic stack-based overflow |
| CVE-2024-3007 | 2024-03-27 | Tenda FH1205 NatStaticSetting fromNatStaticSetting stack-based overflow |
| CVE-2024-3008 | 2024-03-27 | Tenda FH1205 execCommand formexeCommand stack-based overflow |
| CVE-2024-0980 | 2024-03-27 | The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code. |
| CVE-2024-3009 | 2024-03-27 | Tenda FH1205 WriteFacMac formWriteFacMac command injection |
| CVE-2024-3010 | 2024-03-27 | Tenda FH1205 setcfm formSetCfm stack-based overflow |
| CVE-2023-25341 | 2024-03-28 | A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests. |
| CVE-2024-23727 | 2024-03-28 | The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. |
| CVE-2024-24407 | 2024-03-28 | SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. |
| CVE-2024-25506 | 2024-03-28 | Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. |
| CVE-2024-27719 | 2024-03-28 | A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field... |
| CVE-2024-28090 | 2024-03-28 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. |
| CVE-2024-28091 | 2024-03-28 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for... |
| CVE-2024-28713 | 2024-03-28 | An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. |
| CVE-2024-28714 | 2024-03-28 | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. |
| CVE-2024-29316 | 2024-03-28 | NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. |
| CVE-2024-29489 | 2024-03-28 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. |
| CVE-2024-30583 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. |
| CVE-2024-30585 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. |
| CVE-2024-30586 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. |
| CVE-2024-30587 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. |
| CVE-2024-30588 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. |
| CVE-2024-30589 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. |
| CVE-2024-30590 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. |
| CVE-2024-30591 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. |
| CVE-2024-30592 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. |
| CVE-2024-30594 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. |
| CVE-2024-30595 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. |
| CVE-2024-30596 | 2024-03-28 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. |
| CVE-2024-30597 | 2024-03-28 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. |
| CVE-2024-30598 | 2024-03-28 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. |
| CVE-2024-30599 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. |
| CVE-2024-30600 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. |
| CVE-2024-30601 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. |
| CVE-2024-30603 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. |
| CVE-2024-30604 | 2024-03-28 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. |