CVE List - 2024 / March
Showing 501 - 600 of 3299 CVEs for March 2024 (Page 6 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-26627 | 2024-03-06 | scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler |
| CVE-2024-2211 | 2024-03-06 | Cross-Site Scripting vulnerability in Gophish Admin Panel |
| CVE-2024-1224 | 2024-03-06 | Information Disclosure Vulnerability in CDAC USB Pratirodh |
| CVE-2024-25102 | 2024-03-06 | Information Disclosure Vulnerability in CDAC AppSamvid Software |
| CVE-2024-25103 | 2024-03-06 | Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software |
| CVE-2024-26580 | 2024-03-06 | Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability |
| CVE-2023-50740 | 2024-03-06 | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged |
| CVE-2024-20301 | 2024-03-06 | A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is... |
| CVE-2024-20338 | 2024-03-06 | A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability... |
| CVE-2024-20337 | 2024-03-06 | A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.... |
| CVE-2024-20335 | 2024-03-06 | A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against... |
| CVE-2024-20336 | 2024-03-06 | A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against... |
| CVE-2024-20292 | 2024-03-06 | A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an... |
| CVE-2024-20346 | 2024-03-06 | A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the... |
| CVE-2024-20345 | 2024-03-06 | A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due... |
| CVE-2024-28173 | 2024-03-06 | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed |
| CVE-2024-28174 | 2024-03-06 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly |
| CVE-2024-2215 | 2024-03-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin... |
| CVE-2024-2216 | 2024-03-06 | A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL,... |
| CVE-2024-28149 | 2024-03-06 | Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a... |
| CVE-2024-28150 | 2024-03-06 | Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site... |
| CVE-2024-28151 | 2024-03-06 | Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether... |
| CVE-2024-28152 | 2024-03-06 | In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from... |
| CVE-2024-28153 | 2024-03-06 | Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2024-28154 | 2024-03-06 | Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. |
| CVE-2024-28155 | 2024-03-06 | Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group... |
| CVE-2024-28156 | 2024-03-06 | Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build... |
| CVE-2024-28157 | 2024-03-06 | Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. |
| CVE-2024-28158 | 2024-03-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. |
| CVE-2024-28159 | 2024-03-06 | A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. |
| CVE-2024-28160 | 2024-03-06 | Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. |
| CVE-2024-28161 | 2024-03-06 | In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default. |
| CVE-2024-28162 | 2024-03-06 | In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take... |
| CVE-2023-50167 | 2024-03-06 | Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. |
| CVE-2023-50716 | 2024-03-06 | Invalid DATA_FRAG Submessage causes a bad-free error |
| CVE-2024-24761 | 2024-03-06 | Galette public pages accessibility restriction |
| CVE-2024-24765 | 2024-03-06 | CasaOS-UserService allows unauthorized access to any file |
| CVE-2024-24767 | 2024-03-06 | CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability |
| CVE-2024-24766 | 2024-03-06 | CasaOS Username Enumeration |
| CVE-2024-25111 | 2024-03-06 | SQUID-2024:1 Denial of Service in HTTP Chunked Decoding |
| CVE-2024-27287 | 2024-03-06 | ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API |
| CVE-2024-27288 | 2024-03-06 | 1Panel open source panel project has an unauthorized vulnerability. |
| CVE-2024-27289 | 2024-03-06 | pgx SQL Injection via Line Comment Creation |
| CVE-2024-27302 | 2024-03-06 | Authorization Bypass Through User-Controlled Key in go-zero |
| CVE-2024-2173 | 2024-03-06 | Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium... |
| CVE-2024-2174 | 2024-03-06 | Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-2176 | 2024-03-06 | Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-27303 | 2024-03-06 | electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) |
| CVE-2024-27304 | 2024-03-06 | pgx SQL Injection via Protocol Message Size Overflow |
| CVE-2023-48703 | 2024-03-06 | SAML authentication bypass vulnerability in RobotsAndPencils/go-saml |
| CVE-2024-27307 | 2024-03-06 | JSONata expression can pollute the "Object" prototype |
| CVE-2024-27308 | 2024-03-06 | Mio's tokens for named pipes may be delivered after deregistration |
| CVE-2024-27915 | 2024-03-06 | Sulu grants access to pages regardless of role permissions |
| CVE-2024-27917 | 2024-03-06 | Shopware's session is persistent in Cache for 404 pages |
| CVE-2024-1142 | 2024-03-06 | Sonatype IQ Server - Path Traversal |
| CVE-2024-27916 | 2024-03-06 | `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user |
| CVE-2024-27918 | 2024-03-06 | Coder's OIDC authentication allows email with partially matching domain to register |
| CVE-2024-27923 | 2024-03-06 | Remote Code Execution by uploading a phar file using frontmatter |
| CVE-2024-27922 | 2024-03-06 | HTTP Handling Vulnerability in the Bare server |
| CVE-2024-27926 | 2024-03-06 | RSSHub Cross-site Scripting vulnerability caused by internal media proxy |
| CVE-2024-27927 | 2024-03-06 | RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4 |
| CVE-2024-27932 | 2024-03-06 | Deno's improper suffix match testing for DENO_AUTH_TOKENS |
| CVE-2024-27933 | 2024-03-06 | Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass |
| CVE-2024-27934 | 2024-03-06 | *const c_void / ExternalPointer unsoundness leading to use-after-free |
| CVE-2024-27935 | 2024-03-06 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination |
| CVE-2024-27936 | 2024-03-06 | Deno interactive permission prompt spoofing via improper ANSI stripping |
| CVE-2024-28101 | 2024-03-06 | Apollo Router's Compressed Payloads do not respect HTTP Payload Limits |
| CVE-2024-28102 | 2024-03-06 | JWCrypto vulnerable to JWT bomb Attack in `deserialize` function |
| CVE-2024-28110 | 2024-03-06 | Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials |
| CVE-2024-28111 | 2024-03-06 | CSV Injection in exported history CSV files |
| CVE-2024-2236 | 2024-03-06 | Libgcrypt: vulnerable to marvin attack |
| CVE-2022-46089 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-46091 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-46497 | 2024-03-07 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. |
| CVE-2022-46498 | 2024-03-07 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. |
| CVE-2022-46499 | 2024-03-07 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. |
| CVE-2023-33676 | 2024-03-07 | Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution. |
| CVE-2023-41015 | 2024-03-07 | code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1. |
| CVE-2023-47415 | 2024-03-07 | Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. |
| CVE-2023-49986 | 2024-03-07 | A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-49987 | 2024-03-07 | A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-49988 | 2024-03-07 | Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. |
| CVE-2023-49989 | 2024-03-07 | Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. |
| CVE-2023-51281 | 2024-03-07 | Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the firstname, "lastname", "middlename", "contact" and address parameters. |
| CVE-2023-51786 | 2024-03-07 | An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. |
| CVE-2024-22752 | 2024-03-07 | Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory. |
| CVE-2024-22857 | 2024-03-07 | Heap based buffer overflow in zlog v1.1.0 to v1.2.17 in zlog_rule_new(). The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data up to MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check... |
| CVE-2024-24035 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter. |
| CVE-2024-24375 | 2024-03-07 | SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. |
| CVE-2024-25327 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function. |
| CVE-2024-25729 | 2024-03-07 | Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters... |
| CVE-2024-26492 | 2024-03-07 | An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email,... |
| CVE-2024-26566 | 2024-03-07 | An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. |
| CVE-2024-27707 | 2024-03-07 | Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. |
| CVE-2024-27733 | 2024-03-07 | File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. |
| CVE-2024-28222 | 2024-03-07 | In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. |
| CVE-2023-41014 | 2024-03-07 | code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." |
| CVE-2023-41503 | 2024-03-07 | Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. |
| CVE-2024-24389 | 2024-03-07 | A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. |
| CVE-2024-1299 | 2024-03-07 | Privilege Chaining in GitLab |