CVE List - 2024 / March
Showing 401 - 500 of 3299 CVEs for March 2024 (Page 5 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-45592 | 2024-03-05 | A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of... |
| CVE-2023-45593 | 2024-03-05 | A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “http://localhost”) allows a physical attacker to read... |
| CVE-2023-45594 | 2024-03-05 | A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts... |
| CVE-2023-45595 | 2024-03-05 | A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file... |
| CVE-2023-45596 | 2024-03-05 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6... |
| CVE-2023-45597 | 2024-03-05 | A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to... |
| CVE-2023-45598 | 2024-03-05 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6... |
| CVE-2023-45599 | 2024-03-05 | A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type... |
| CVE-2023-45600 | 2024-03-05 | A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6... |
| CVE-2024-2188 | 2024-03-05 | Cross-Site Scripting vulnerability in TP-Link Archer AX50 |
| CVE-2023-7103 | 2024-03-05 | Authentication Bypass in ZKSoftware's UFace 5 |
| CVE-2024-1202 | 2024-03-05 | Authentication Bypass in XPodas' Octopod |
| CVE-2024-27929 | 2024-03-05 | Use After Free in SixLabors.ImageSharp |
| CVE-2024-27931 | 2024-03-05 | Insufficient permission checking in `Deno.makeTemp*` APIs |
| CVE-2024-22252 | 2024-03-05 | Use-after-free vulnerability |
| CVE-2024-22253 | 2024-03-05 | Use-after-free vulnerability |
| CVE-2024-22254 | 2024-03-05 | Out-of-bounds write vulnerability |
| CVE-2024-22255 | 2024-03-05 | Information disclosure vulnerability |
| CVE-2024-22352 | 2024-03-05 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-2005 | 2024-03-05 | SAML implementation allows privilege escalation |
| CVE-2023-35899 | 2024-03-05 | IBM Cloud Pak for Automation CSV injection |
| CVE-2024-2053 | 2024-03-05 | Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability |
| CVE-2024-2054 | 2024-03-05 | Artica Proxy Unauthenticated PHP Deserialization Vulnerability |
| CVE-2024-2055 | 2024-03-05 | Artica Proxy Unauthenticated File Manager Vulnerability |
| CVE-2024-2056 | 2024-03-05 | Artica Proxy Loopback Services Remotely Accessible Unauthenticated |
| CVE-2024-23256 | 2024-03-05 | A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab... |
| CVE-2024-23225 | 2024-03-05 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read... |
| CVE-2024-23296 | 2024-03-05 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be... |
| CVE-2024-23243 | 2024-03-05 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read... |
| CVE-2023-26282 | 2024-03-05 | IBM Watson CP4D Data Stores file modification |
| CVE-2023-25681 | 2024-03-05 | IBM Spectrum Virtualize security bypass |
| CVE-2022-22399 | 2024-03-05 | IBM Aspera Faspex HTTP header injection |
| CVE-2024-1356 | 2024-03-05 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2024-25611 | 2024-03-05 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2024-25612 | 2024-03-05 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2024-25613 | 2024-03-05 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2024-25614 | 2024-03-05 | There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating... |
| CVE-2024-25615 | 2024-03-05 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the... |
| CVE-2024-25616 | 2024-03-05 | Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information... |
| CVE-2024-2179 | 2024-03-05 | Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type |
| CVE-2024-1901 | 2024-03-05 | Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable. |
| CVE-2024-1900 | 2024-03-05 | Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is... |
| CVE-2024-1898 | 2024-03-05 | Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. |
| CVE-2024-1764 | 2024-03-05 | Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances |
| CVE-2024-24783 | 2024-03-05 | Verify panics on certificates with an unknown public key algorithm in crypto/x509 |
| CVE-2023-45290 | 2024-03-05 | Memory exhaustion in multipart form parsing in net/textproto and net/http |
| CVE-2023-45289 | 2024-03-05 | Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http |
| CVE-2024-24784 | 2024-03-05 | Comments in display names are incorrectly handled in net/mail |
| CVE-2024-24785 | 2024-03-05 | Errors returned from JSON marshaling may break template escaping in html/template |
| CVE-2024-24786 | 2024-03-05 | Infinite loop in JSON unmarshaling in google.golang.org/protobuf |
| CVE-2024-27278 | 2024-03-05 | OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an... |
| CVE-2020-26942 | 2024-03-06 | An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for... |
| CVE-2023-33677 | 2024-03-06 | Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". |
| CVE-2023-38825 | 2024-03-06 | SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. |
| CVE-2023-38946 | 2024-03-06 | An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie. |
| CVE-2023-49971 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. |
| CVE-2023-49973 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. |
| CVE-2023-49974 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. |
| CVE-2023-49976 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket. |
| CVE-2023-49977 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer. |
| CVE-2023-49978 | 2024-03-06 | Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. |
| CVE-2023-49979 | 2024-03-06 | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-49980 | 2024-03-06 | A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-49981 | 2024-03-06 | A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-49982 | 2024-03-06 | Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. |
| CVE-2023-49983 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-49984 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-49985 | 2024-03-06 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2024-25359 | 2024-03-06 | An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. |
| CVE-2023-38945 | 2024-03-06 | Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allow attackers to bypass the access control and gain complete access to the application via supplying... |
| CVE-2024-1220 | 2024-03-06 | NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability |
| CVE-2024-1760 | 2024-03-06 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due... |
| CVE-2024-1771 | 2024-03-06 | The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59.... |
| CVE-2024-1989 | 2024-03-06 | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58... |
| CVE-2023-52583 | 2024-03-06 | ceph: fix deadlock or deadcode of misusing dget() |
| CVE-2023-52584 | 2024-03-06 | spmi: mediatek: Fix UAF on device remove |
| CVE-2023-52585 | 2024-03-06 | drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() |
| CVE-2023-52586 | 2024-03-06 | drm/msm/dpu: Add mutex lock in control vblank irq |
| CVE-2023-52587 | 2024-03-06 | IB/ipoib: Fix mcast list locking |
| CVE-2023-52588 | 2024-03-06 | f2fs: fix to tag gcing flag on page during block migration |
| CVE-2023-52589 | 2024-03-06 | media: rkisp1: Fix IRQ disable race issue |
| CVE-2023-52590 | 2024-03-06 | ocfs2: Avoid touching renamed directory if parent does not change |
| CVE-2023-52591 | 2024-03-06 | reiserfs: Avoid touching renamed directory if parent does not change |
| CVE-2023-52593 | 2024-03-06 | wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() |
| CVE-2023-52594 | 2024-03-06 | wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() |
| CVE-2023-52595 | 2024-03-06 | wifi: rt2x00: restart beacon queue when hardware reset |
| CVE-2023-52596 | 2024-03-06 | sysctl: Fix out of bounds access for empty sysctl registers |
| CVE-2023-52597 | 2024-03-06 | KVM: s390: fix setting of fpc register |
| CVE-2023-52598 | 2024-03-06 | s390/ptrace: handle setting of fpc register correctly |
| CVE-2023-52599 | 2024-03-06 | jfs: fix array-index-out-of-bounds in diNewExt |
| CVE-2023-52600 | 2024-03-06 | jfs: fix uaf in jfs_evict_inode |
| CVE-2023-52601 | 2024-03-06 | jfs: fix array-index-out-of-bounds in dbAdjTree |
| CVE-2023-52602 | 2024-03-06 | jfs: fix slab-out-of-bounds Read in dtSearch |
| CVE-2023-52603 | 2024-03-06 | UBSAN: array-index-out-of-bounds in dtSplitRoot |
| CVE-2023-52604 | 2024-03-06 | FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree |
| CVE-2023-52606 | 2024-03-06 | powerpc/lib: Validate size for vector operations |
| CVE-2023-52607 | 2024-03-06 | powerpc/mm: Fix null-pointer dereference in pgtable_cache_add |
| CVE-2024-26623 | 2024-03-06 | pds_core: Prevent race issues involving the adminq |
| CVE-2024-26625 | 2024-03-06 | llc: call sock_orphan() at release time |
| CVE-2024-26626 | 2024-03-06 | ipmr: fix kernel panic when forwarding mcast packets |