CVE List - 2024 / March
Showing 901 - 1000 of 3299 CVEs for March 2024 (Page 10 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-25331 | 2024-03-12 | DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow. |
| CVE-2024-26521 | 2024-03-12 | HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php... |
| CVE-2024-27758 | 2024-03-12 | In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that... |
| CVE-2024-28338 | 2024-03-12 | A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. |
| CVE-2024-28339 | 2024-03-12 | An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. |
| CVE-2024-28340 | 2024-03-12 | An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. |
| CVE-2024-28535 | 2024-03-12 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. |
| CVE-2024-28553 | 2024-03-12 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. |
| CVE-2023-42307 | 2024-03-12 | Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section. |
| CVE-2023-43279 | 2024-03-12 | Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command. |
| CVE-2023-49453 | 2024-03-12 | Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. |
| CVE-2024-24101 | 2024-03-12 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. |
| CVE-2024-22127 | 2024-03-12 | Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in) |
| CVE-2024-22133 | 2024-03-12 | Improper Access Control in SAP Fiori Front End Server |
| CVE-2024-25644 | 2024-03-12 | Information Disclosure vulnerability in NetWeaver (WSRM) |
| CVE-2024-27900 | 2024-03-12 | Missing Authorization check in SAP ABAP Platform |
| CVE-2024-27902 | 2024-03-12 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI) |
| CVE-2024-28163 | 2024-03-12 | Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages) |
| CVE-2024-25645 | 2024-03-12 | Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal) |
| CVE-2023-6814 | 2024-03-12 | Information Exposure Vulnerability in Cosminexus Component Container |
| CVE-2024-21805 | 2024-03-12 | Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed... |
| CVE-2024-24964 | 2024-03-12 | Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed... |
| CVE-2024-21584 | 2024-03-12 | Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an... |
| CVE-2024-27121 | 2024-03-12 | Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may... |
| CVE-2024-25994 | 2024-03-12 | PHOENIX CONTACT: Unintended script file upload in CHARX Series |
| CVE-2024-25995 | 2024-03-12 | PHOENIX CONTACT: Remote code execution in CHARX Series |
| CVE-2024-25996 | 2024-03-12 | PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series |
| CVE-2024-25997 | 2024-03-12 | PHOENIX CONTACT: Log injection in CHARX Series |
| CVE-2024-25998 | 2024-03-12 | PHOENIX CONTACT: Command injection in the OCPP Service |
| CVE-2024-25999 | 2024-03-12 | PHOENIX CONTACT: Privilege escalation in the OCPP agent service |
| CVE-2024-26000 | 2024-03-12 | PHOENIX CONTACT: Out of bounds read only memory access |
| CVE-2024-26001 | 2024-03-12 | PHOENIX CONTACT: Out of bounds write only memory access |
| CVE-2024-26002 | 2024-03-12 | PHOENIX CONTACT: File ownership manipulation in CHARX Series |
| CVE-2024-26003 | 2024-03-12 | PHOENIX CONTACT: DoS of the control agent in CHARX Series |
| CVE-2024-26004 | 2024-03-12 | PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series |
| CVE-2024-26005 | 2024-03-12 | PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series |
| CVE-2024-26288 | 2024-03-12 | PHOENIX CONTACT: Lack of SSL support in CHARX Series |
| CVE-2024-27279 | 2024-03-12 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and... |
| CVE-2024-1328 | 2024-03-12 | The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output... |
| CVE-2024-0906 | 2024-03-12 | The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated... |
| CVE-2024-2371 | 2024-03-12 | Information exposure vulnerability in Korenix JetI/O 6550 |
| CVE-2023-4628 | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes... |
| CVE-2023-4731 | 2024-03-12 | The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including,... |
| CVE-2023-4626 | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This... |
| CVE-2023-4728 | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up... |
| CVE-2023-4627 | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This... |
| CVE-2023-4729 | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to,... |
| CVE-2023-4629 | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes... |
| CVE-2023-41313 | 2024-03-12 | Apache Doris: Timing Attack weakness |
| CVE-2023-45793 | 2024-03-12 | A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to... |
| CVE-2024-21483 | 2024-03-12 | A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120... |
| CVE-2024-22039 | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN... |
| CVE-2024-22040 | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All... |
| CVE-2024-22041 | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All... |
| CVE-2024-22044 | 2024-03-12 | A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet.... |
| CVE-2024-22045 | 2024-03-12 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who... |
| CVE-2024-27907 | 2024-03-12 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing... |
| CVE-2024-2391 | 2024-03-12 | EVE-NG Lab cross site scripting |
| CVE-2022-32257 | 2024-03-12 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of... |
| CVE-2024-2049 | 2024-03-12 | Server-Side Request Forgery (SSRF) |
| CVE-2024-2393 | 2024-03-12 | SourceCodester CRUD without Page Reload add_user.php sql injection |
| CVE-2024-2394 | 2024-03-12 | SourceCodester Employee Management System add-admin.php unrestricted upload |
| CVE-2024-1618 | 2024-03-12 | Unquoted item or search path vulnerability in Faronics Deep Freeze Server Standard |
| CVE-2024-1226 | 2024-03-12 | Multiple vulnerabilities in Rejetto's Http File Server |
| CVE-2023-36554 | 2024-03-12 | A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code... |
| CVE-2023-41842 | 2024-03-12 | A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0... |
| CVE-2024-21761 | 2024-03-12 | An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. |
| CVE-2023-42790 | 2024-03-12 | A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12,... |
| CVE-2024-23112 | 2024-03-12 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0... |
| CVE-2023-42789 | 2024-03-12 | A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0... |
| CVE-2023-48788 | 2024-03-12 | A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code... |
| CVE-2023-46717 | 2024-03-12 | An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly... |
| CVE-2023-47534 | 2024-03-12 | A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows... |
| CVE-2024-1227 | 2024-03-12 | Multiple vulnerabilities in Rejetto's Http File Server |
| CVE-2024-1527 | 2024-03-12 | Unrestricted Upload of File with Dangerous Type in CMS Made Simple |
| CVE-2024-1528 | 2024-03-12 | Cross-site Scripting in CMS Made Simple |
| CVE-2024-1301 | 2024-03-12 | Multiple Vulnerabilities in Badger Meter's Monitool |
| CVE-2024-1529 | 2024-03-12 | Cross-site Scripting in CMS Made Simple |
| CVE-2024-1302 | 2024-03-12 | Multiple Vulnerabilities in Badger Meter's Monitool |
| CVE-2024-1303 | 2024-03-12 | Multiple Vulnerabilities in Badger Meter's Monitool |
| CVE-2024-1304 | 2024-03-12 | Multiple Vulnerabilities in Badger Meter's Monitool |
| CVE-2024-2182 | 2024-03-12 | Ovn: insufficient validation of bfd packets may lead to denial of service |
| CVE-2024-20671 | 2024-03-12 | Microsoft Defender Security Feature Bypass Vulnerability |
| CVE-2024-21392 | 2024-03-12 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-21411 | 2024-03-12 | Skype for Consumer Remote Code Execution Vulnerability |
| CVE-2024-21418 | 2024-03-12 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability |
| CVE-2024-21421 | 2024-03-12 | Azure SDK Spoofing Vulnerability |
| CVE-2024-21426 | 2024-03-12 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-21429 | 2024-03-12 | Windows USB Hub Driver Remote Code Execution Vulnerability |
| CVE-2024-21430 | 2024-03-12 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability |
| CVE-2024-21438 | 2024-03-12 | Microsoft AllJoyn API Denial of Service Vulnerability |
| CVE-2024-21439 | 2024-03-12 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-21441 | 2024-03-12 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21442 | 2024-03-12 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-21443 | 2024-03-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21444 | 2024-03-12 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21445 | 2024-03-12 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-21446 | 2024-03-12 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-21450 | 2024-03-12 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21451 | 2024-03-12 | Microsoft ODBC Driver Remote Code Execution Vulnerability |