CVE List - 2024 / March
Showing 601 - 700 of 3299 CVEs for March 2024 (Page 7 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-0199 | 2024-03-07 | Incorrect Authorization in GitLab |
| CVE-2024-0817 | 2024-03-07 | Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 |
| CVE-2024-1443 | 2024-03-07 | MSI Afterburner v4.6.5.16370 - Denial of Service |
| CVE-2024-1460 | 2024-03-07 | MSI Afterburner v4.6.5.16370 - Kernel Memory Leak |
| CVE-2024-0815 | 2024-03-07 | Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 |
| CVE-2024-28094 | 2024-03-07 | Blind SQL Injection in Chat functionality in Schoolbox |
| CVE-2024-28095 | 2024-03-07 | Stored Cross-site Scripting in News functionality in Schoolbox |
| CVE-2024-28096 | 2024-03-07 | Stored Cross-site Scripting in Class functionality in Schoolbox |
| CVE-2024-28097 | 2024-03-07 | Stored Cross-site Scripting in Calendar functionality in Schoolbox |
| CVE-2024-1761 | 2024-03-07 | The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization... |
| CVE-2024-28211 | 2024-03-07 | nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. |
| CVE-2024-28212 | 2024-03-07 | nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. |
| CVE-2024-28213 | 2024-03-07 | nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. |
| CVE-2024-28214 | 2024-03-07 | nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. |
| CVE-2024-28215 | 2024-03-07 | nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request... |
| CVE-2024-28216 | 2024-03-07 | nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side... |
| CVE-2023-51395 | 2024-03-07 | Z-Wave S0 Decryption Vulnerability in End Devices |
| CVE-2024-1366 | 2024-03-07 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including,... |
| CVE-2024-1720 | 2024-03-07 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all... |
| CVE-2024-1500 | 2024-03-07 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient... |
| CVE-2024-1377 | 2024-03-07 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including,... |
| CVE-2024-1506 | 2024-03-07 | The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and... |
| CVE-2024-1419 | 2024-03-07 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to,... |
| CVE-2024-0917 | 2024-03-07 | remote code execution in paddlepaddle/paddle 2.6.0 |
| CVE-2023-42662 | 2024-03-07 | JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens |
| CVE-2024-2136 | 2024-03-07 | The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient... |
| CVE-2024-1382 | 2024-03-07 | The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes... |
| CVE-2024-1931 | 2024-03-07 | Denial of service when trimming EDE text on positive replies |
| CVE-2024-1534 | 2024-03-07 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization... |
| CVE-2024-22256 | 2024-03-07 | VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. |
| CVE-2024-1170 | 2024-03-07 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion... |
| CVE-2024-1169 | 2024-03-07 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due... |
| CVE-2024-28228 | 2024-03-07 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible |
| CVE-2024-28229 | 2024-03-07 | In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles |
| CVE-2024-28230 | 2024-03-07 | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions |
| CVE-2024-0818 | 2024-03-07 | Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 |
| CVE-2024-2245 | 2024-03-07 | Cross-Site Scripting vulnerability in moziloCMS |
| CVE-2024-2241 | 2024-03-07 | Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions |
| CVE-2023-42661 | 2024-03-07 | JFrog Artifactory Improper input validation leads to arbitrary file write |
| CVE-2023-42509 | 2024-03-07 | JFrog Artifactory Sensitive Data Leakage in Repository configuration process |
| CVE-2023-48725 | 2024-03-07 | A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker... |
| CVE-2024-1351 | 2024-03-07 | MongoDB Server may allow successful untrusted connection |
| CVE-2024-1442 | 2024-03-07 | User with permissions to create a data source can CRUD all data sources |
| CVE-2024-1773 | 2024-03-07 | The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input... |
| CVE-2024-2128 | 2024-03-07 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2024-0203 | 2024-03-07 | The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This... |
| CVE-2024-2127 | 2024-03-07 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3... |
| CVE-2024-1725 | 2024-03-07 | Kubevirt-csi: persistentvolume allows access to hcp's root node |
| CVE-2024-26167 | 2024-03-07 | Microsoft Edge for Android Spoofing Vulnerability |
| CVE-2023-46171 | 2024-03-07 | IBM DS8900F information disclosure |
| CVE-2023-46170 | 2024-03-07 | IBM DS8900F information disclosure |
| CVE-2024-1802 | 2024-03-07 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2024-1986 | 2024-03-07 | The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and... |
| CVE-2023-46172 | 2024-03-07 | IBM DS8900F security bypass |
| CVE-2023-46169 | 2024-03-07 | IBM DS8900F file manipulation |
| CVE-2024-2044 | 2024-03-07 | Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4 |
| CVE-2024-28115 | 2024-03-07 | Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled |
| CVE-2024-2264 | 2024-03-07 | keerti1924 PHP-MYSQL-User-Login-System login.php sql injection |
| CVE-2024-2265 | 2024-03-07 | keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code |
| CVE-2024-2266 | 2024-03-07 | keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting |
| CVE-2024-2267 | 2024-03-07 | keerti1924 Online-Book-Store-Website shop.php logic error |
| CVE-2024-2268 | 2024-03-07 | keerti1924 Online-Book-Store-Website unrestricted upload |
| CVE-2024-2269 | 2024-03-07 | keerti1924 Online-Book-Store-Website search.php sql injection |
| CVE-2024-2270 | 2024-03-07 | keerti1924 Online-Book-Store-Website signup.php cross site scripting |
| CVE-2024-2271 | 2024-03-07 | keerti1924 Online-Book-Store-Website HTTP POST Request shop.php sql injection |
| CVE-2024-2272 | 2024-03-07 | keerti1924 Online-Book-Store-Website HTTP POST Request home.php sql injection |
| CVE-2019-6268 | 2024-03-08 | RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. |
| CVE-2024-25845 | 2024-03-08 | In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions. |
| CVE-2024-25848 | 2024-03-08 | In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions. |
| CVE-2024-26313 | 2024-03-08 | Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or... |
| CVE-2024-28753 | 2024-03-08 | RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. |
| CVE-2024-28754 | 2024-03-08 | RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. |
| CVE-2024-25849 | 2024-03-08 | In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` . |
| CVE-2024-26309 | 2024-03-08 | Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL. |
| CVE-2024-27612 | 2024-03-08 | Numbas editor before 7.3 mishandles editing of themes and extensions. |
| CVE-2024-27613 | 2024-03-08 | Numbas editor before 7.3 mishandles reading of themes and extensions. |
| CVE-2024-2274 | 2024-03-08 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Prescription Dashboard Index cross site scripting |
| CVE-2024-2275 | 2024-03-08 | Bdtask G-Prescription Gynaecology & OBS Consultation Software OBS Patient/Gynee Prescription cross site scripting |
| CVE-2024-2276 | 2024-03-08 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting |
| CVE-2024-2277 | 2024-03-08 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery |
| CVE-2024-2281 | 2024-03-08 | boyiddha Automated-Mess-Management-System Setting index.php access control |
| CVE-2024-2282 | 2024-03-08 | boyiddha Automated-Mess-Management-System Login Page index.php sql injection |
| CVE-2024-23276 | 2024-03-08 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. |
| CVE-2024-23260 | 2024-03-08 | This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. |
| CVE-2024-23295 | 2024-03-08 | A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona. |
| CVE-2024-23283 | 2024-03-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS... |
| CVE-2024-23240 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. |
| CVE-2024-23201 | 2024-03-08 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma... |
| CVE-2024-23257 | 2024-03-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing... |
| CVE-2024-23216 | 2024-03-08 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite... |
| CVE-2024-23241 | 2024-03-08 | This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak... |
| CVE-2024-23294 | 2024-03-08 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution. |
| CVE-2024-23277 | 2024-03-08 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able... |
| CVE-2023-28826 | 2024-03-08 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An... |
| CVE-2024-23220 | 2024-03-08 | The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user. |
| CVE-2024-23293 | 2024-03-08 | This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access... |
| CVE-2024-23285 | 2024-03-08 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the... |
| CVE-2024-23246 | 2024-03-08 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS... |
| CVE-2024-23250 | 2024-03-08 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be... |
| CVE-2024-23227 | 2024-03-08 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to... |